Published on Security In A Box (https://securityinabox.org) Home > Printer-friendly PDF > Printer-friendly PDF How-to Booklet This How-to Booklet is designed to explain the issues that you must understand in order to safeguard your own digital security. It seeks to identify and describe the risks you face and help you make informed decisions about how best to reduce those risks. To this end, it answers eight broad questions related to basic security, data protection and communication privacy. At the beginning of each chapter, you will find a background scenario populated by fictional characters who will reappear in brief conversations throughout the chapter in order to illustrate certain points and answer common questions. You will also find a short list of specific lessons that can be learned from reading the chapter. It is a good idea to scan through this list before you begin reading. As you work through a chapter, you will encounter a number of technical terms that link to definitions in a glossary at the end of the booklet. You will also find references to the specific software discussed in the toolkit's Hands-on Guides. Any single chapter or guide in this toolkit can be read individually, formatted in your browser for easy printing, or shared electronically. However, you will get more out of Security in-a-box if you can follow the relevant links and references that are scattered throughout both the booklet and the software guides. If you have a printed copy of this Booklet, you should keep it front of you while you work through the Hands-on Guides. You should also remember to finish reading the How-to Booklet chapter covering a particular tool before you begin relying on that tool to protect your digital security. Where possible, you should read the chapters of the How-to Booklet in order. Security is a process, and there is often little point in trying to defend yourself against an advanced threat to your communication privacy, for example, if you have not yet ensured that your computer is free of viruses and other malware. In many cases, this would be like locking your door after a burglar is already in your home. This is not to say that any one of these eight topics is more important than any other, it is simply that the later chapters make certain assumptions about what you already know and about the state of the computer on which you are about to install software. Of course, there are many good reasons why you might want to work through these chapters out of sequence. You might need advice on how to back up your important files before you begin installing the tools described in the first Hands-on Guide. You might find yourself faced with an urgent privacy threat that justifies learning How to protect the sensitive files on your computer, which is covered in Chapter 4, as quickly as possible. Or perhaps you are working from an Internet café, on a computer whose security is not your responsibility and from which you do not intend to access any sensitive information. If you want to use this computer to visit a website that is blocked in your country, there is nothing to prevent you from skipping ahead to Chapter 8: How to remain anonymous and bypass censorship on the Internet. 1. How to protect your computer from malware and hackers Regardless of your broader objectives, keeping your computer healthy is a critical first step down the path toward better security. So, before you begin worrying too much about strong passwords, private communication and secure deletion, for example, you need to make sure that your computer is not vulnerable to hackers [1] or plagued by malicious software, often called malware [2] , such as viruses and spyware. Otherwise, it is impossible to guarantee the effectiveness of any other security precautions you might take. After all, there is no in point locking your door if the burglar is already downstairs, and it doesn't do you much good to search downstairs if you leave the door wide open. Accordingly, this chapter explains how to maintain your software and use tools like Avast [3] , Spybot [4] and Comodo Firewall [5] to protect your computer against the ever-present dangers of malware [2] infection and hacker [1] attacks. Although the tools recommended in this chapter are for Windows, which is the operating system most vulnerable to these threats, GNU/Linux [6] and Apple OS X users are also at risk and should still adopt the tactics presented below. Background scenario Assani is a human rights activist in a Francophone African country. His two teenage children, Salima and Muhindo, have offered to help him with some routine computer work he has been asked to do. After seeing the state of his computer, they offer to teach him the basics of how to keep it healthy and functional. Assani also likes the idea of using Free and Open Source Software, but he's not sure whether that would be more or less secure, so he asks for their advice. What you can learn from this chapter More about the nature of a few of the specific threats that malware [2] poses to the privacy and integrity of your information, the stability of your computer and the reliability of other security tools How you can use a number of recommended tools to help protect yourself from these threats How to keep your computer secure by updating your software frequently Why you should use freeware [7] tools, to avoid the dangers associated with expired licenses or pirated software, and 1 popular FOSS [8] tools, where possible, to enhance your security. Viruses There are many different ways to classify viruses, and each of these methods comes with its own set of colorfully-named categories. Worms, macroviruses, trojans and backdoors are some of the more well-known examples. Many of these viruses spread over the Internet, using email, malicious webpages or other means to infect unprotected computers. Others spread through removable media, particularly devices like USB memory sticks and external hard drives that allow users to write information as well as reading it. Viruses can destroy, damage or infect the information in your computer, including data on external drives. They can also take control of your computer and use it to attack other computers. Fortunately there are many anti-virus tools that you can use to protect yourself and those with whom you exchange digital information. Anti-virus software There is an excellent freeware [7] anti-virus program for Windows called Avast [3] , which is easy to use, regularly updated and well-respected by anti-virus experts. It requires that you register once every 14 months, but registration, updates and the program itself are all free-of-charge. Hands-on: Get started with the Avast! - Anti-Virus Guide [9] There are various other well-known commercial anti-virus programs as alternatives to Avast. Clam Win [10] is a FOSS [8] alternative to Avast [3] . Although it lacks certain features that are important for a primary anti-virus program, Clam Win [10] has the advantage that it can be run from a USB memory stick in order to scan a computer on which you are not allowed to install software. Tips on using anti-virus software effectively Do not run two anti-virus programs at the same time, as this might cause your computer to run extremely slowly or to crash. Uninstall one before installing another. Make sure that your anti-virus program allows you to receive updates. Many commercial tools that come pre-installed on new computers must be registered (and paid for) at some point or they will stop receiving updates. All of the software recommended here supports free updating. Ensure that your anti-virus software updates itself regularly. New viruses are written and distributed every day, and your computer will quickly become vulnerable if you do not keep up with new virus definitions. Avast [3] will automatically look for updates when you are connected to the Internet. Enable your anti-virus software's 'always on' virus-detection feature if it has one. Different tools have different names for it, but most of them offer a feature like this. It may be called 'Realtime Protection,' 'Resident Protection,' or something similar. Take a look at Section 3.2.1 [11] of the Avast Guide [9] to learn more about that tool's 'Resident Scanner.' Scan all of the files on your computer regularly. You don't have to do this every day (especially if your anti-virus software has an 'always on' feature, as described above) but you should do it from time to time. How often may depend on the circumstances. Have you connected your computer to unknown networks recently? With whom have you been sharing USB memory sticks? Do you frequently receive strange attachments by email? Has someone else in your home or office recently had virus problems? For more information on how best to scan files, see the Avast Guide [9] . Preventing virus infection Be extremely cautious when opening email attachments, any files received (e.g. over Instant Messaging like MSN, Skype, etc.) or downloaded from the Internet. It is best to avoid opening any files received from an unknown source. If you need to do so, you should first save the attachment to a folder on your computer, then open the appropriate application (such as Microsoft Word or Adobe Acrobat) yourself. If you use the program's File menu to open the attachment manually, rather than double-clicking the file or allowing your email program to open it automatically, you are less likely to contract a virus. Consider the possible risks before inserting removable media, such as CDs, DVDs and USB memory sticks, into your computer. You should first check that your anti-virus program has the latest updates and that its scanner is running. It is also a good idea to disable your operating system's 'AutoPlay' feature, which can be used by viruses to infect your computer. Under Windows XP, this can be done by going inside My Computer, right-clicking on your CD or DVD drive, selecting Properties and clicking on the AutoPlay tab. For each content type, select the Take no action or Prompt me each time to choose an action options then click OK. You can also help prevent some virus infections by switching to free and open source software, which is often more secure, and which virus writers are less likely to target. Assani: I have a virus cleaner and I run it regularly, so I figure my computer is healthy, right? Salima: Actually, just having anti-virus software isn't enough. You also need to protect your computer from spyware and hackers, so you'll have to install and run a couple more tools. Spyware 2 Spyware is a class of malicious software that can track the work you do, both on your computer and on the Internet, and send information about it to someone who shouldn't have access to it. These programs can record the words you type on your keyboard, the movements of your mouse, the pages you visit and the programs you run, among other things. As a result, they can undermine your computer's security and reveal confidential information about you, your activities and your contacts. Computers become infected with spyware in much the same way that they contract viruses, so many of the suggestions above are also helpful when defending against this second class of malware [2] . Because malicious webpages are a major source of spyware infection, you should pay extra attention to the websites you visit and make sure that your browser settings are secure. Assani: It all sounds like something out of a spy movie to me. Is my computer really "infected with spyware?" Muhindo: Believe it or not, it's really common. If those programs you downloaded from the Internet haven't infected you, there's a good chance at least one of the webpages you've visited has. The fact that you use Windows and Internet Explorer makes it even more likely. If you've never scanned your computer for spyware, I bet you'll be surprised by how much is already installed on it Anti-spyware software You can use anti-spyware tools to protect your computer from this type of threat. Spybot [4] is one such program, and it does a very good job of identifying and removing certain types of malware that anti-virus programs simply ignore. Just like with anti-virus software, though, it is extremely important that you update Spybot's malware [2] definitions and run regular scans. Hands-on: Get started with the Spybot - Anti-Spyware Guide [12] Preventing spyware infection Stay alert when browsing websites. Watch for browser windows that appear automatically, and read them carefully instead of just clicking Yes or OK. When in doubt, you should close 'pop up windows' by clicking the X in the upper right-hand corner, rather than by clicking Cancel. This can help prevent webpages from tricking you into installing malware [2] on your computer. Improve the security of your Web browser by preventing it from automatically running the potentially dangerous programs that are sometimes contained within webpages you visit. If you are using Mozilla Firefox [13] , you can install the NoScript [14] add-on, as described in Section 4 [15] of the Firefox Guide [16] . Never accept and run this sort of content if it comes from websites that you don't know or trust. Assani: I've heard that 'Java applets' and 'ActiveX controls' can be dangerous. But I have no idea what they are. Salima: They're just different examples of the same sort of thing: small programs that your Web browser sometimes downloads along with whatever page you're reading. Web designers use them to create complex sites, but they can also spread viruses and spyware. You don't have to worry too much about how they actually work, as long as you have NoScript installed and running properly. Firewalls A firewall is the first program on a computer that sees incoming data from the Internet. It is also the last program to handle outgoing information. Like a security guard, posted at the door of a building to decide who can enter and who can leave, a firewall receives, inspects and makes decisions about all incoming and outgoing data. Naturally, it is critical that you defend yourself against untrusted connections from the Internet and from local networks, either of which could give hackers and viruses a clear path to your computer. In fact, though, monitoring outgoing connections originating from your own computer is no less important. A good firewall allows you to choose access permissions for each program on your computer. When one of these programs tries to contact the outside world, your firewall will block the attempt and give you a warning unless it recognizes the program and verifies that you have given it permission to make that sort of connection. This is largely to prevent existing malware [2] from spreading viruses or inviting hackers into your computer. In this regard, a firewall provides both a second line of defense and an early-warning system that might help you recognize when your computer's security is being threatened. Firewall software Recent versions of Microsoft Windows include a built-in firewall, which is now turned on automatically. Unfortunately, the Windows firewall is limited in many ways, for example, it does not examine outgoing connections. However, there is an excellent freeware [7] program called Comodo Personal Firewall [5] , which does a better job of keeping your computer secure. Hands-on: Get started with the Comodo Firewall Guide [17] Preventing untrusted network connections Only install essential programs on the computer you use for sensitive work, and make sure you get them from a reputable source. Uninstall any software that you do not use. 3 Disconnect your computer from the Internet when you are not using it and shut it down completely overnight Do not share your Windows password with anyone. If you have enabled any 'Windows services' that you are no longer using, you should disable them. See the Further reading [18] section for more about this Make sure that all of the computers on your office network have a firewall installed If you do not already have one, you should consider installing an additional firewall to protect the entire local network at your office. Many commercial broadband gateways [19] include an easy-to-use firewall, and turning it on can make your network much more secure. If you are not sure where to start with this, you might want to ask for assistance from whoever helped set up your network Asani: So, now you want me to install anti-virus, anti-spyware and firewall software? Can my computer cope with all that? Muhindo: Absolutely. In fact, these three tools are the bare minimum if you want to stay secure on the Internet these days. They're made to work together, so installing them all shouldn't cause any problems. Remember, though, you don't want want to run two anti-virus programs or two firewalls at the same time. Keeping your software up-to-date Computer programs are often large and complex. It is inevitable that some of the software you use on a regular basis contains undiscovered errors, and it is likely that some of these errors could undermine your computer's security. Software developers continue to find these errors, however, and release updates to fix them. It is therefore essential that you frequently update all of the software on your computer, including the operating system. If Windows is not updating itself automatically, you can configure it to do so by clicking the Start menu, selecting All Programs and clicking Windows Update. This will open Internet Explorer, and take you to the Microsoft Update page, where you can enable the Automatic Updates feature. See the Further reading [18] section to learn more about this. Similarly it is important to make sure that all of the other software installed on your computer is updated. In order to do it you first need to know what programs you have on your computer and perhaps uninstall those that are not essential (on Windows go to Control Panel and Programs or Add/Remove Programs). Then it is good to review for each program if it is the latest version, how can it be updated and will it update itself automatically in the future. Staying up-to-date with freeware and FOSS (free and open source software) tools Proprietary software [20] often requires proof that it was purchased legally before it will allow you to install updates. If you are using a pirated copy of Microsoft Windows, for example, it may be unable to update itself, which would leave you and your information extremely vulnerable. By not having a valid license, you put yourself and others at risk. Relying on illegal software can present non-technical risks, as well. The authorities in a growing number of countries have begun to verify that organisations possess a valid license for each piece of software that they use. Police have confiscated computers and closed down organizations on the basis of 'software piracy.' This justification can be abused quite easily in countries where the authorities have political reasons to interfere with a given organisation's work. Fortunately, you do not have to purchase expensive software to protect yourself from tactics like this. We strongly recommend that you try out the freeware [7] or FOSS [8] (free and open source software) alternatives to any propriety software [20] that you currently use, especially those programs that are unlicensed. Freeware [7] and FOSS [8] tools are often written by volunteers and non-profit organisations who release them, and even update them, free of charge. FOSS [8] tools, in particular, are generally considered to be more secure than proprietary [20] ones, because they are developed in a transparent way that allows their source code [21] to be examined by a diverse group of experts, any one of whom can identify problems and contribute solutions. Many FOSS [8] applications look like, and work almost the same way as, the proprietary software that they were written to replace. At the same time, you can use these programs alongside proprietary software, including the Windows operating system, without any problems. Even if your colleagues continue to use the commercial version of a particular type of program, you can still exchange files and share information with them quite easily. In particular, you might consider replacing Internet Explorer, Outlook or Outlook Express and Microsoft Office with Firefox, Thunderbird and LibreOffice [22] , respectively. In fact, you could even move away from the Microsoft Windows operating system entirely, and try using a more secure FOSS [8] alternative called GNU/Linux [6] . The best way to find out if you're ready to make the switch is simply to give it a try. You can download a LiveCD [23] version of Ubuntu Linux [24] , burn it to a CD or DVD, put it in your computer and restart. When it's done loading, your computer will be running GNU/Linux [6] , and you can decide what you think. Don't worry, none of this is permanent. When you're finished, simply shut down your computer and remove the Ubuntu LiveCD [23] . The next time you start up, you'll be back in Windows, and all of you applications, settings and data will be just as you left them. In addition to the general security advantages of open-source software, Ubuntu has a free, easy-to-use update tool that will keep your operating system and much of your other software from becoming outdated and insecure. Further reading See the chapter on Malicious Software and Spam and the Appendix on Internet Program Settings in the Digital Security and Privacy for Human Rights Defenders [25] book. Keep up to-date with news about viruses on the Virus Bulletin [26] website. 4 Learn how to determine which 'Windows services' are unnecessary and disable those you do not need [27] . Other toolkits from the Tactical Technology Collective [28] can help you switch to using FOSS and Freeware tools for all of your software needs. Download free bootable rescue CDs [29] to scan your computer and remove the viruses, without starting Windows on your computer. If you think your computer is infected with a virus or some other malicious software read Malware Removal Guide for Windows [30] . 2. How to protect your information from physical threats No matter how much effort you have put into building a digital barrier around your computer, you could still wake up one morning to find that it, or a copy of the information on it, has been lost, stolen, or damaged by any number of unfortunate accidents or malicious acts. Anything from a power surge to an open window to a spilt cup of coffee might lead to a situation in which all of your data are lost and you are no longer able to use your computer. A careful risk assessment, a consistent effort to maintain a healthy computing environment and a written security policy [31] can help avoid this type of diaster. Background scenario Shingai and Rudo are an elderly married couple with many years of experience helping the HIV-infected population of Zimbabwe maintain access to proper medication. They are applying for a grant to purchase new computers and network equipment for their office. Since they live in a region that is quite turbulent, in terms both of politics and of infrastructure, they and their potential funders want to ensure that their new hardware will be safe, not only from hackers and viruses, but also from confiscation, thunderstorms, electrical spikes and other such disasters. They ask Otto, a local computer technician, to help them devise a plan of action to strengthen the physical security of the computers and network hardware they plan to buy if their grant application is successful. What you can learn from this chapter More about a few of the physical threats [32] to your computer and to the information stored on it How best to secure computer equipment against some of these threats How to create a healthy operating environment for computers and network equipment What to consider when creating a security plan for the computers in your office Assessing your risks Many organisations underestimate the importance of keeping their offices and their equipment physically secure. As a result, they often lack a clear policy describing what measures they should take to protect computers and backup storage devices from theft, severe weather conditions, accidents, and other physical threats [33] . The importance of such policies may seem obvious, but formulating them properly can be more complicated than it sounds. Many organisations, for example, have good quality locks on their office doors, and many even have secure windows; but if they do not pay attention to the number of keys that have been created, and who has copies of those keys, their sensitive information remains vulnerable. Shingai: We want to put a brief summary of our security policy into this grant application, but we also need to make sure the policy itself is thorough. What should we include in it? Otto: I'm afraid I can't recommend a one-size-fits-all solution to the challenge of physical security. The specifics of a good policy almost always depend on a particular organisation's individual circumstances. Here's a piece of general advice, though: when you're trying to come up with a plan, you need to observe your work environment very carefully and think creatively about where your weak points might be and what you can do to strengthen them. When assessing the risks and vulnerabilities that you or your organisation face, you must evaluate several different levels at which your data may be threatened. Consider the communication channels you use and how you use them. Examples might include paper letters, faxes, landline phones, mobile phones, emails and Skype [34] messages. Consider how you store important information. Computer hard drives, email and web servers, USB memory sticks, external USB hard drives, CDs and DVDs, mobile phones, printed paper and hand-written notes are all likely possibilities. Consider where these items are located, physically. They could be in the office, at home, in a trash bin out back or, increasingly, 'somewhere on the Internet.' In this last case, it might be quite challenging to to determine the particular piece of information's actual, physical location. Keep in mind that the same piece of information might be vulnerable on many different levels. Just as you might rely on anti-virus software to protect the contents of a USB memory stick from malware [2] , you must rely on a detailed physical security plan to protect the same information from theft, loss or destruction. While some security practices, such as having a good off-site backup policy, are helpful against both digital and physical threats, others are clearly more specific. 5 When you decide whether to carry your USB memory stick in your pocket or sealed in a plastic bag at the bottom of your luggage, you are making a decision about physical security, even though the information you are trying to protect is digital. As usual, the correct policy depends greatly on the situation. Are you walking across town or travelling across a border? Will somebody else be carrying your bag? Is it raining? These are the sorts of questions that you should consider when making decisions like this. Protecting your information from physical intruders Malicious individuals seeking access to your sensitive information represent one important class of physical threat [33] . It would be a mistake to assume that this is the only such threat to the security of your information, but it would be even more shortsighted to ignore it. There are a number of steps you can take to help reduce the risk of physical intrusion. The categories and suggestions below, many of which may apply to your home as well as your office, represent a foundation upon which you should build in accordance with your own particular physical security situation. Around the office Get to know your neighbours. Depending on the security climate in your country and in your neighbourhood, one of two things may be possible. Either you can turn them into allies who will help you keep an eye on your office, or you can add them to the list of potential threats that your security plan must address. Review how you protect all of the doors, windows and other points of entry that lead into your office. Consider installing a surveillance camera or a motion-sensor alarm. Try to create a reception area, where visitors can be met before they enter the office, and a meeting room that is separate from your normal work space. In the office Protect network cables by running them inside the office. Lock network devices such as servers [35] , routers [19] , switches [19] , hubs [19] and modems into secure rooms or cabinets. An intruder with physical access to such equipment can install malware [2] capable of stealing data in transit or attacking other computers on your network even after he leaves. In some circumstances it may be beneficial to hide servers, computers or other equipment in attics, over a fake ceiling, or even with a neighbor, and use them through wireless connection. If you have a wireless network, it is critical that you secure your access point [19] so that intruders cannot join your network or monitor your traffic. If you are using an insecure wireless network, anyone in your neighbourhood with a laptop becomes a potential intruder. This is an unusual definition of 'physical', but it helps to consider that a malicious individual who can monitor your wireless network has the same access as one who can sneak into your office and connect an ethernet cable. The steps required to secure a wireless network will vary, depending on your access point [19] hardware and software, but they are rarely difficult to follow. At your work You should position your computer screen carefully, both on your desk and when you are away from the office, in order to prevent others from reading what is displayed there. In the office, this means considering the location of windows, open doors and the guest waiting area, if you have one. Most desktop computer cases have a slot where you can attach a padlock that will prevent anyone without a key from getting inside. If you have cases like this in the office, you should lock them so that intruders cannot tamper with their internal hardware. You might also consider this feature when purchasing new computers. Use a locking security cable [36] , where possible, to prevent intruders from stealing the computers themselves. This is especially important for laptops and small desktops that could be hidden inside a bag or under a coat. Software and settings related to physical security Make sure that, when you restart your computer, it asks you for a password before allowing you to run software and access files. If it does not, you can enable this feature in Windows by clicking on the Start menu, selecting the Control Panel, and double-clicking on User Accounts. In the User Accounts screen, select your own account and click Create a Password. Choose a secure password, as discussed in Chapter 3: How to create and maintain good passwords [37] , enter your password, confirm it, click Create Password and click Yes, Make Private. There are a few settings in your computer's BIOS [38] that are relevant to physical security. First, you should configure your computer so that it will not boot [39] from the USB device, CD-ROM or DVD drives. Second, you should set a password on the BIOS [38] itself, so that an intruder can not simply undo the previous setting. Again, be sure to choose a secure password. If you rely on a secure password database, as discussed in Chapter 3 [37] , to store your Windows or BIOS [38] passwords for a particular computer, make sure that you do not keep your only copy of the database on that 6 computer. Get in the habit of locking your account whenever you step away from your computer. On Windows, you can do this quickly by holding down the Windows logo key and pressing the L key. This will only work if you have created a password for your account, as described above. Encrypt [40] sensitive information on computers and storage devices in your office. See Chapter 4: How to protect the sensitive files on your computer [41] for additional details and pointers to the appropriate Hands-on Guides.# Rudo: I'm a bit nervous about messing around in BIOS. Can I break my computer if I do something wrong? tto: You sure can, at least for a little while. In fact, the settings that you might want to change are pretty simple, but the BIOS screen itself can be a little intimidating, and it is possible to leave your computer temporarily unable to start if you do something wrong. In general, if you're uncomfortable working in BIOS, you should ask someone with more computer experience to help you out. Portable devices Keep your laptop, your mobile phone and other portable devices that contain sensitive information with you at all times, especially if you are travelling or staying at a hotel. Travelling with a laptop security cable [36] is a good idea, although it is sometimes difficult to find an appropriate object to which you can attach one. Remember that meal times are often exploited by thieves, many of whom have learnt to check hotel rooms for laptops during hours of the day when they are likely to be unattended. If you have a laptop, tablet or other mobile device, try to avoid putting them on display. There is no need to show thieves that you are carrying such valuable hardware or to show individuals who might want access to your data that your shoulder bag contains a hard drive full of information. Avoid using your portable devices in public areas, and consider carrying your laptop in something that does not look like a laptop bag. Maintaining a healthy environment for your computer hardware Like many electronic devices, computers are quite sensitive. They do not adapt well to unstable electricity supplies, extreme temperatures, dust, high humidity or mechanical stress. There are a number of things you can do to protect your computers and network equipment from such threats: Electrical problems such as power surges, blackouts and brownouts can cause physical damage to a computer. Irregularities like this can 'crash' your hard drive, damaging the information it contains, or physically harm the electronic components in your computer. If you can afford them, you should install Uninterruptible Power Supplies (UPS' [42] ) on important computers in your office. A UPS [42] stabilises electricity supply and provides temporary power in the event of a blackout. Even where UPS' [42] are deemed inappropriate or too costly, you can still provide power filters or surge protectors, either of which will help protect you from power surges. Test your electrical network before you connect important equipment to it. Try to use power sockets that have three slots, one of them being a 'ground line', or 'earth'. And, if possible, take a day or two to see how the electrical system in a new office behaves when powering inexpensive devices, such as lamps and fans, before putting your computers at risk. To defend against accidents in general, avoid placing important hardware in passages, reception areas or other easily accessible locations. UPS', power filters, surge protectors, power strips and extension cables, particularly those attached to servers and networking equipment, should be positioned where they will not be switched off by an accidental misstep. If you have access to high-quality computer cables, power strips and extension cables, you should purchase enough to serve your entire office and pick up a few extras. Power strips that fall out of wall sockets, fail to hold plugs securely and spark constantly are more than just annoying. They can be quite damaging to the physical security of any computers attached to them. They can also lead frustrated users to secure their loose computer cables to a sparking power strip with tape, which creates an obvious fire hazard. If you keep any of your computers inside cabinets, make sure they have adequate ventilation, or they might overheat Computer equipment should not be housed near radiators, heating vents, air conditioners or other ductwork Creating your physical security policy Once you have assessed the threats and vulnerabilities that you or your organisation face, you must consider what steps can be taken to improve your physical security. You should create a detailed security policy [31] by putting these steps in writing. The resulting document will serve as a general guideline for yourself, your colleagues and any newcomers to your organisation. It should also provide a checklist of what actions should be taken in the event of various different physical 7 security emergencies. Everybody involved should take the time to read, implement and keep up with these security standards. They should also be encouraged to ask questions and propose suggestions on how to improve the document. Your physical security policy [31] may contain various sections, depending on the circumstances: An office access policy that addresses the alarm systems, what keys exist and who has them, when guests are allowed in the office, who holds the cleaning contract and other such issues A policy on which parts of the office should be restricted to authorized visitors An inventory of your equipment, including serial numbers and physical descriptions A plan for securely disposing of paper rubbish that contains sensitive information Emergency procedures related to: Who should be notified if sensitive information is disclosed or misplaced Who to contact in the event of a fire, flood, or other natural disaster How to perform certain key emergency repairs How to contact the companies or organizations that provide services such as electrical power, water and Internet access How to recover information from your off-site backup system. You can find more detailed backup advice in Chapter 5: How to recover from information loss [43] . Your security policy [31] should be reviewed periodically and modified to reflect any policy changes that have been made since its last review. And, of course, don't forget to back up your security policy [31] document along with the rest of your important data. See the Further reading [44] section for more information about creating a security policy [31] . Further reading For additional information on assessing risks, see the 1.2 Security Awareness, and 1.3 Threat Assessment sections of the Digital Security and Privacy for Human Rights Defenders [25] book. For a more detailed explanation of how to set a BIOS password, see the 2.1 Windows Security chapter in the Digital Security and Privacy for Human Rights Defenders [25] book. For guidelines on creating a security policy, see 4. Case Study 1 in the Digital Security and Privacy for Human Rights Defenders [25] book. See also the Protection Manual [45] and Protection Handbook [46] for Human Rights Defenders. 3. How to create and maintain secure passwords Many of the secure services that allow us to feel comfortable using digital technology to conduct important business, from signing in to our computers and sending email to encrypting [40] and hiding sensitive data, require that we remember a password. These secret words, phrases or strings of gibberish often provide the first, and sometimes the only, barrier between your information and anyone who might want to read, copy, modify or destroy it without your permission. There are many ways in which someone could learn your passwords, but you can defend against most of them by applying a few specific tactics and by using a secure password database [47] tool, such as KeePass [48] . Background scenario Mansour and Magda are siblings, in an Arabic-speaking country, who maintain a blog on which they anonymously publicise human rights abuses and campaign for political change. Magda recently tried to log into her personal webmail account and found that her password had been changed. After resetting the password, she was able to log in, but when she opened her inbox she noticed that several new messages were marked as having been read. She suspects that a politically-motivated intruder may have learned or guessed her password, which she uses for several of her website accounts. She is meeting with Mansour, who has less computer experience, to explain the situation and to voice her concerns. What you can learn from this chapter The elements of a secure password A few tricks for remembering long, complicated passwords How to use the KeePass [48] secure password database [47] to store passwords instead of remembering them Selecting and maintaining secure passwords In general, when you want to protect something, you lock it up with a key. Houses, cars and bicycle locks all have physical keys; protected files have encryption [40] keys; bank cards have PIN numbers; and email accounts have passwords. All of these keys, physical and electronic, have one thing in common: they open their respective locks just as effectively in the hands of somebody else. You can install advanced firewalls, secure email accounts, and encrypted [40] disks, but if your password is weak, or if you allow it to fall into the wrong hands, they will not do you much good. Elements of a strong password 8 A password should be difficult for a computer program to guess. Make it long: The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. Some people use passwords that contain more than one word, with or without spaces between them, which are often called passphrases. This is a great idea, as long as the program or service you are using allows you to choose long enough passwords. Make it complex: In addition to length, the complexity of a password also helps prevent automatic 'password cracking' software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password. A password should be difficult for others to figure out. Make it practical: If you have to write your password down because you can't remember it, you may end up facing a whole new category of threats that could leave you vulnerable to anybody with a clear view of your desk or temporary access to your home, your wallet, or even the trash bin outside your office. If you are unable to think of a password that is long and complex but still memorable, the Remembering secure passwords [49] section, below, might be of some help. If not, you should still choose something secure, but you may need to record it using a secure password database [47] such as KeePass [48] . Other types of password-protected files, including Microsoft Word documents, should not be trusted for this purpose, as many of them can be broken in seconds using tools that are freely available on the Internet. Don't make it personal: Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you. Keep it secret: Do not share your password with anyone unless it is absolutely necessary. And, if you must share a password with a friend, family member or colleague, you should change it to a temporary password first, share that one, then change it back when they are done using it. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access. Keeping your password secret also means paying attention to who might be reading over your shoulder while you type it or look it up in a secure password database [47] . A password should be chosen so as to minimise damage if someone does learn it. Make it unique: Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information. This is particularly true because some services make it relatively easy to crack a password. If you use the same password for your Windows user account and your Gmail account, for example, someone with physical access to your computer can crack the former and use what they learn to access the latter. For similar reasons, it is a bad idea to rotate passwords by swapping them around between different accounts. Keep it fresh: Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out. Also, if someone is able to use your stolen password to access your information and services without you knowing about it, they will continue to do so until you change the password. Mansour: What if I trust someone? It's OK for me to tell you my password, right? Magda: Well, first of all, just because you trust somebody with your password doesn't necessarily mean you trust them to take good care of it, right? Even though I wouldn't do anything bad with your password, I might write it down and lose it or something. That could even be how I got into this mess! And besides, it's not all about trust. If you're the only one who knows your password, then you don't have to waste your time worrying about who to blame if the account gets broken into. Right now, for example, I feel pretty confident that somebody actually guessed or 'cracked' my password, because I never wrote it down or shared it with anyone. Remembering and recording secure passwords Looking over the list of suggestions above, you might wonder how anyone without a photographic memory could possibly keep track of passwords that are this long, complex and meaningless without writing them down. The importance of using a different password for each account makes this even more difficult. There are a few tricks, however, that might help you create passwords that are easy to remember but extremely difficult to guess, even for a clever person using advanced 'password cracking' software. You also have the option of recording your passwords using a tool like KeePass [48] that was created specifically for this purpose. Remembering secure passwords It is important to use different types of characters when choosing a password. This can be done in various ways: Varying capitalisation, such as: 'My naME is Not MR. MarSter' Alternating numbers and letters, such as: 'a11 w0Rk 4nD N0 p14Y' Incorporating certain symbols, such as: 'c@t(heR1nthery3' Using multiple languages, such as: 'Let Them Eat 1e gateaU au ch()colaT' 9 Any of these methods can help you increase the complexity of an otherwise simple password, which may allow you to choose one that is secure without having to give up entirely on the idea of memorizing it. Some of the more common substitutions (such as the use of a zero instead of an 'o' or the '@' symbol in place of an 'a') were long-ago incorporated into password-cracking tools, but they are still a good idea. They increase the amount of time that such tools would require to learn a password and, in the more common situations where tools of this sort cannot be used, they help prevent lucky guesses. Passwords can also take advantage of more traditional mnemonic devices [50] , such as the use of acronyms. This allows long phrases to be turned into complex, seemingly-random words: 'To be or not to be? That is the question' becomes '2Bon2B?TitQ' 'We hold these truths to be self-evident: that all men are created equal' becomes 'WhtT2bs-e:taMac=' 'Are you happy today?' becomes 'rU:-)2d@y?' These are just a few examples to help you come up with your own method of encoding words and phrases to make them simultaneously complex and memorable. A little effort to make the password more complex goes a very long way. Increasing the length of a password even just by a few characters, or by adding numbers or special characters, makes it much more difficult to crack. For demonstrative purposes, the table below shows how much longer it may take a hacker to break a list of progressively more complex passwords by trying different combinations of the password one after another. Sample Password Time to crack with an everyday computer Time to crack with a very fast computer bananas Less than 1 day Less than 1 day bananalemonade 2 days Less than 1 day BananaLemonade 3 months, 14 days Less than 1 day B4n4n4L3m0n4d3 3 centuries, 4 decades 1 month, 26 days We Have No Bananas 19151466 centuries 3990 centuries W3 H4v3 N0 B4n4n45 20210213722742 centuries 4210461192 centuries Of course, the time it would take to crack any of the above passwords would vary widely depending on the nature of the attack, and the resources available to the attacker. Moreover, new methods to crack passwords are constantly being devised. All the same, the table does demonstrate that passwords become vastly more difficult to break by simply varying characters and using two words or, even better, a short phrase. The table above is based on Passfault [51] 's calculations. Passfault is one of a number of websites which allow you to test the strength of your passwords. However, while such resources are good for demonstrating the relative efficiency of different types of passwords, you should avoid introducing your actual passwords into these sites. Recording passwords securely While a little creativity may allow you to remember all of your passwords, the need to change those passwords periodically means that you might quickly run out of creativity. As an alternative, you can generate random, secure passwords for most of your accounts and simply give up on the idea of remembering them all. Instead, you can record them in a portable, encrypted secure password database [47] , such as KeePass [48] . Hands-on: Get started with the KeePass - Secure Password Storage Guide [52] Of course, if you use this method, it becomes especially important that you create and remember a very secure password for KeePass [48] , or whatever tool you choose. Whenever you need to enter a password for a specific account, you can look it up using only your master password, which makes it much easier to follow all of the suggestions above. KeePass [48] is portable, as well, which means that you can put the database on a USB memory stick in case you need to look up a password while you are away from your primary computer. Although it is probably the best option for anybody who has to maintain a large number of accounts, there are a few drawbacks to this method. First, if you lose or accidentally delete your only copy of a password database, you will no longer have access to any of the accounts for which it contained passwords. This makes it extremely important that you back up your KeePass [48] database. Look over Chapter 5: How to recover from information loss [43] for more information on backup strategies. Fortunately, the fact that your database is encrypted means that you don't have to panic if you lose a USB memory stick or a backup drive containing a copy of it. The second major drawback could be even more important. If you forget your KeePass [48] master password, there is no way to recover it or the contents of the database. So, be sure to choose a master password that is both secure and memorable! The strength of this method may, in certain situations, become it's weakness. If somebody force you to give away your Keepass database master password, he will gain access to all of the passwords stored in this Keepass database. If this is the situation you may face, you could treat your Keepass database as a sensitive file, and protect it as we describe in Chapter 4: How to protect the sensitive files on your computer [41] . You can also create a separate Keepass database to containg passwords protecting more sensitive information, and take extra precautions with that database. 10 to containg passwords protecting more sensitive information, and take extra precautions with that database. Mansour: Wait a minute. If KeePass uses a single master password to protect all of your other passwords, how is it more secure than just using that same password for all of your accounts? I mean, if a bad guy learns the master password, he gets access to everything, right? Magda: It's a good thought, and you're right that protecting your master password is really important, but there are a couple of key differences. First of all, this 'bad guy' would not only need your password, he'd need your KeePass database file, too. If you just share the same password between all of your accounts, then he'd only need the password itself. Plus, we know that KeePass is extremely secure, right? Well, other programs and websites can go either way. Some of them are much less secure than others, and you don't want someone breaking into a weak website, and then using what he learns to access a more secure account. And there's another thing, too. KeePass makes it really easy to change your master password if you think it's necessary. I should be so lucky! I spent all day today updating my passwords. Further reading To learn more about secure passwords, see the 2.2 Password Protection chapter and the Appendix D. How long should my password be? in the Digital Security and Privacy for Human rights Defenders [25] book. Wikipedia has informative articles on Passwords [53] , Guidelines for password strength [54] , and password cracking [55] . 4. How to protect the sensitive files on your computer Unauthorised access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware. You can protect yourself against either type of threat by improving the physical and network security of your data, as discussed in Chapter 1: How to protect your computer from malware and hackers [56] and Chapter 2: How to protect your information from physical threats [57] . It is always best to have several layers of defence, however, which is why you should also protect the files themselves. That way, your sensitive information is likely to remain safe even if your other security efforts prove inadequate. There are two general approaches to the challenge of securing your data in this way. You can encrypt [40] your files, making them unreadable to anyone but you, or you can hide them in the hope that an intruder will be unable to find your sensitive information. There are tools to help you with either approach, including a FOSS [8] application called TrueCrypt [58] , which can both encrypt [40] and hide your file. Background scenario Claudia and Pablo work with a human rights NGO in a South American country. They have spent several months collecting testimonies from witnesses to the human rights violations that have been committed by the military in their region. If the details of who provided these testimonies were to become known, it would endanger both the courageous people who testified and members of the organisation in that region. This information is currently stored in a spreadsheet on the NGO's Windows XP computer, which is connected to the Internet. Being security conscious, Claudia has made sure to store a backup of the data on a CD, which she keeps outside the office. What you can learn from this chapter How to encrypt [40] information on your computer What risks you might face by keeping your data encrypted [40] How to protect data on USB memory sticks, in case they are lost or stolen What steps you can take to hide information from physical or remote intruders Encrypting your information Pablo: But my computer is already protected by the Windows login password! Isn't that good enough? Claudia: Actually, Windows login passwords are usually quite easy to break. Plus, anybody who gets his hands on your computer for long enough to restart it with a LiveCD in the drive can copy your data without even having to worry about the password. If they manage to take it away for a while, then you're in even worse trouble. It's not just Windows passwords you need to worry about, either. You shouldn't trust Microsoft Word or Adobe Acrobat passwords either. Encrypting [40] your information is a bit like keeping it in a locked safe. Only those who have a key or know the lock's combination (an encryption [40] key or password, in this case) can access it. The analogy is particularly appropriate for TrueCrypt [58] and tools like it, which create secure containers called 'encrypted volumes' rather than simply protecting one file at a time. You can put a large number of files into an encrypted [40] volume, but these tools will not protect anything that is stored elsewhere on your computer or USB memory stick. Hands-on: Get started with the TrueCrypt - Secure File Storage Guide [59] While other software can provide similar strength encryption [40] , TrueCrypt [58] contains several important features to allow 11 you to design your information security strategy. It offers the possibility of permanently encrypting the whole disk of your computer including all your files, all temporary files created during your work, all programs you have installed and all Windows operating system files. TrueCrypt supports encrypted [40] volumes on portable storage devices. It provides 'deniability' features described in the Hiding your sensitive information [60] section below. In addition TrueCrypt is a free and open source [8] program. Pablo: Alright, now you have me worried. What about other users on the same computer? Does this mean they can read files in the 'My Documents' folder? Claudia: I like the way you're thinking! If your Windows password doesn't protect you from intruders, how can it protect you from other people with accounts on the same computer? In fact, your My Documents folder is normally visible to anybody, so other users wouldn't even have to do anything clever to read your unencrypted files. You're right, though, even if the folder is made 'private,' you're still not safe unless you use some kind of encryption. Tips on using file encryption safely Storing confidential data can be a risk for you and for the people you work with. Encryption [40] reduces this risk but does not eliminate it. The first step to protecting sensitive information is to reduce how much of it you keep around. Unless you have a good reason to store a particular file, or a particular category of information within a file, you should simply delete it (see Chapter 6: How to destroy sensitive information [61] for more information about how to do this securely). The second step is to use a good file encryption [40] tool, such as TrueCrypt [58] . Claudia: Well, maybe we don't actually need to store information that could identify the people who gave us these testimonies. What do you think? Pablo: Agreed. We should probably write down as little of that as possible. Plus, we should think up a simple code we can use to protect names and locations that we absolutely have to record. Returning to the analogy of a locked safe, there are a few things you should bear in mind when using TrueCrypt [58] and tools like it. No matter how sturdy your safe is, it won't do you a whole lot of good if you leave the door open. When your TrueCrypt [58] volume is 'mounted' (whenever you can access the contents yourself), your data may be vulnerable, so you should keep it closed except when you are actually reading or modifying the files inside it. There are a few situations when it is especially important that you remember not to leave your encrypted [40] volumes mounted: Disconnect them when you walk away from your computer for any length of time. Even if you typically leave your computer running overnight, you need to ensure that you do not leave your sensitive files accessible to physical or remote intruders while you are gone. Disconnect them before putting your computer to sleep. This applies to both 'suspend' and 'hibernation' features, which are typically used with laptops but may be present on desktop computers as well. Disconnect them before allowing someone else to handle your computer. When taking a laptop through a security checkpoint or border crossing, it is important that you disconnect all encrypted [40] volumes and shut your computer down completely. Disconnect them before inserting an untrusted USB memory stick or other external storage device, including those belonging to friends and colleagues. If you keep an encrypted [40] volume on a USB memory stick, remember that just removing the device may not immediately disconnect the volume. Even if you need to secure your files in a hurry, you have to dismount the volume properly, then disconnect the external drive or memory stick, then remove the device. You might want to practice until you find the quickest way to do all of these things. If you decide to keep your TrueCrypt [58] volume on a USB memory stick, you can also keep a copy of the TrueCrypt [58] program with it. This will allow you to access your data on other people's computers. The usual rules still apply, however: if you don't trust the machine to be free of malware [2] , you probably shouldn't be typing in your passwords or accessing your sensitive data. Hiding your sensitive information One issue with keeping a safe in your home or office, to say nothing of carrying one in your pocket, is that it tends to be quite obvious. Many people have reasonable concerns about incriminating themselves by using encryption [40] . Just because the legitimate reasons to encrypt [40] data outnumber the illegitimate ones does not make this threat any less real. Essentially, there are two reasons why you might shy away from using a tool like TrueCrypt [58] : the risk of self-incrimination and the risk of clearly identifying the location of your most sensitive information. Considering the risk of self-incrimination Encryption [40] is illegal in some countries, which means that downloading, installing or using software of this sort might be a crime in its own right. And, if the police, military or intelligence services are among those groups from whom you are seeking to protect your information, then violating these laws can provide a pretext under which your activities might be investigated or your organisation might be persecuted. In fact, however, threats like this may have nothing to do with the legality of the tools in question. Any time that merely being associated with encryption [40] software would be enough to 12 expose you to accusations of criminal activity or espionage (regardless of what is actually inside your encrypted [40] volumes), then you will have to think carefully about whether or not such tools are appropriate for your situation. If that is the case, you have a few options: You can avoid using data security software entirely, which would require that you store only non-confidential information or invent a system of code words to protect key elements of your sensitive files. You can rely on a technique called steganography [62] to hide your sensitive information, rather than encrypting it. There are tools that can help with this, but using them properly requires very careful preparation, and you still risk incriminating yourself in the eyes of anyone who learns what tool you have used. You can try to store all of your sensitive information in a secure webmail account, but this demands a reliable network connection and a relatively sophisticated understanding of computers and Internet services. This technique also assumes that network encryption [40] is less incriminating than file encryption [40] and that you can avoid accidentally copying sensitive data onto your hard drive and leaving it there. You can keep sensitive information off of your computer by storing it on a USB memory stick or portable hard drive. However, such devices are typically even more vulnerable than computers to loss and confiscation, so carrying around sensitive, unencrypted information on them is usually a very bad idea. If necessary, you can employ a range of such tactics. However, even in circumstances where you are concerned about self-incrimination, it may be safest to use TrueCrypt [58] anyway, while attempting to disguise your encrypted [40] volume as best you can. If want to make your encrypted volume less conspicuous, you can rename it to look like a different type of file. Using the '.iso' file extension, to disguise it as a CD image, is one option that works well for large volumes of around 700 MB. Other extensions would be more realistic for smaller volumes. This is a bit like hiding your safe behind a painting on the wall of your office. It might not hold up under close inspection, but it will offer some protection. You can also rename the TrueCrypt [58] program itself, assuming you have stored it as you would a regular file on your hard drive or USB memory stick, rather than installing it as a program. The TrueCrypt Guide [59] explains how to do this. Considering the risk of identifying your sensitive information Often, you may be less concerned about the consequences of 'getting caught' with encryption [40] software on your computer or USB memory stick and more concerned that your encrypted volume will indicate precisely where you store the information that you most wish to protect. While it may be true that no one else can read it, an intruder will know that it is there, and that you have taken steps to protect it. This exposes you to various non-technical methods through which that intruder might attempt to gain access, such as intimidation, blackmail, interrogation and torture. It is in this context that TrueCrypt's [58] deniability feature, which is discussed in more detail below, comes into play. TrueCrypt's [58] deniability feature is one of the ways in which it goes beyond what is typically offered by file encryption [40] tools. This feature can be thought of as a peculiar form of steganography [62] that disguises your most sensitive information as other, less sensitive, hidden data. It is analogous to installing a subtle 'false bottom' inside that not-so-subtle office safe. If an intruder steals your key, or intimidates you into giving her the safe's combination, she will find some convincing 'decoy' material, but not the information that you truly care about protecting. Only you know that your safe contains a hidden compartment in the back. This allows you to 'deny' that you are keeping any secrets beyond what you have already given to the intruder, and might help protect you in situations where you must reveal a password for some reason. Such reasons might include legal or physical threats to your own safety, or that of your colleagues, associates, friends and family members. The purpose of deniability is to give you a chance of escaping from a potentially dangerous situation even if you choose to continue protecting your data. As discussed in the Considering the risk of self-incrimination section, however, this feature is much less useful if merely being caught with a safe in your office is enough to bring about unacceptable consequences. TrueCrypt's [58] deniability feature works by storing a 'hidden volume' inside your regular encrypted [40] volume. You open this hidden volume by providing an alternate password that is different from the one you would normally use. Even if a technically sophisticated intruder gains access to the standard volume, he will be unable to prove that a hidden one exists. Of course, he may very well know that TrueCrypt [58] is capable of hiding information in this way, so there is no guarantee that the threat will disappear as soon as you reveal your decoy password. Plenty of people use TrueCrypt [58] without enabling its deniability feature, however, and it is generally considered impossible to determine, through analysis, whether or not a given encrypted [40] volume contains this kind of 'false bottom'. That said, it is your job to make sure that you do not reveal your hidden volume through less technical means, such as leaving it open or allowing other applications to create shortcuts to the files that it contains. The Further reading [63] section, below, can point you to more information about this. Claudia: Alright, so let's toss some junk into the standard volume, and then we can move all our testimonies into the hidden one. Do you have some old PDFs or something we can use? Pablo: Well, I was thinking about that. I mean, the idea is for us to give up the decoy password if we have no other choice, right? But, for that to be convincing, we need to make sure those files look kind of important, don't you think? Otherwise, why would we bother to encrypt them? Maybe we should use some unrelated financial documents or a list of website passwords or something. Further reading 13 For additional information on securing your files, see the 2.4 Cryptology chapter, the 2.8 Steganography Chapter and 4.2 Case Study 3 from the Digital Security and Privacy for Human Rights Defenders [25] book. The TrueCrypt Documentation [64] discusses in details many aspects of information encryption and TrueCrypt FAQ [65] provides answers to some common questions about TrueCrypt. 5. How to recover from information loss Each new method of storing or transferring digital information tends to introduce several new ways in which the information in question can be lost, taken or destroyed. Years of work can disappear in an instant, as a result of theft, momentary carelessness, the confiscation of computer hardware, or simply because digital storage technology is inherently fragile. There is a common saying among computer support professionals: "it's not a question of if you will lose your data; it's a question of when." So, when this happens to you, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. The day you are reminded about the importance of a backup system is generally the day after you needed to have one in place. Although it is one of the most basic elements of secure computing, formulating an effective backup policy is not as simple as it sounds. It can be a significant planning hurdle for a number of reasons: the need to store original data and backups in different physical locations, the importance of keeping backups confidential, and the challenge of coordinating among different people who share information with one another using their own portable storage devices. In addition to backup and file-recovery tactics, this chapter addresses two specific tools, Cobian Backup [66] and Recuva [67] . Background scenario Elena is an environmentalist in a Russian-speaking country, where she has begun to create a website that will rely on creative presentation of images, videos, maps and stories to highlight the extent of illegal deforestation in the region. She has been collecting documents, media files and geographic information about logging for years, and most of it is stored on an old Windows computer in the office of the NGO where she works. While designing a website around this information, she has come to realize its importance and to worry about preserving it in the event that her computer should be damaged, especially if it should happen before she gets everything copied up to the website. Other members of her organization sometimes use the computer, so she also wants to learn how to restore her files if someone accidentally deletes the folder containing her work. She asks her nephew Nikolai to help her develop a backup strategy. What you can learn from this chapter How to organise and back up your information Where you should store your backups How you can manage your backups securely How to recover files that have been deleted accidentally Identifying and organising your information While it is clearly important that you take steps to prevent disaster, by making sure that your information is physically safe, free of malware [2] and protected by a good firewall [68] and strong passwords, on their own these steps are not enough. There are simply too many things that can go wrong, including virus attacks, hackers [1] , electrical short circuits, power spikes, water spills, theft, confiscation, demagnetisation, operating system crashes and hardware failure, to name just a few. Preparing for disaster is just as important as defending against it. Elena: I know backup is important, Nikolai, but doesn't that mean I should have someone else set it up for me? I mean, am I really going to have the time, resources and expertise to do this on my own? Nikolai: You'll be fine. Coming up with a good backup plan takes a bit of thought, but it doesn't take all that much time or money. And, compared with losing all of your information, you can hardly call it inconvenient, right? Besides, backup is definitely one of those things that you should manage yourself. Unless the people who normally help you out with tech support are extremely reliable and extremely well-informed about where you keep your digital information, you're better off setting things up on your own. The first step to formulating a backup policy is to picture where your personal and work information is currently located. Your email, for example, may be stored on the provider's mail server, on your own computer, or in both places at once. And, of course, you might have several email accounts. Then, there are important documents on the computers you use, which may be in the office or at home. There are address books, chat histories and personal program settings. It is also possible that some information is stored on removable media as well, including USB memory sticks, portable hard drives, CDs, DVDs, and old floppy disks. Your mobile phone contains a list of contacts and may have important text messages stored in it. If you have a website, it may contain a large collection of articles built up over years of work. And, finally, don't forget your non-digital information, such as paper notebooks, diaries and letters. Next, you need to define which of these files are 'master copies,' and which are duplicates. The master copy is generally the most up-to-date version of a particular file or collection of files, and corresponds to copy that you would actually edit if you needed to update the content. Obviously, this distinction does not apply to files of which you have only one copy, but it is extremely important for certain types of information. One common disaster scenario occurs when only duplicates of an important document are backed up, and the master copy itself gets lost or destroyed before those duplicates can be 14 updated. Imagine, for example, that you have been travelling for a week while updating the copy of a particular spreadsheet that you keep on your USB memory stick. At this point, you should begin thinking of that copy as your master copy, because the periodic, automated backups of the outdated version on your office computer are no longer useful. Try to write down the physical location of all master and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy. The table below is a very basic example. Of course, you will probably find that your list is much longer, and contains some 'storage devices' with more than one 'data type' and some data types that are present on multiple devices. Data Type Master/Duplicate Storage Device Location Electronic documents Master Computer hard drive Office A few important electronic documents Duplicate USB memory stick With me Program databases (photos, address book, calendar, etc.) Master Computer hard drive Office A few electronic documents Duplicate CDs Home Email & email contacts Master Gmail account Internet Text messages & phone contacts Master Mobile phone With me Printed documents (contracts, invoices, etc.) Master Desk drawer Office In the table above, you can see that: The only documents that will survive if your office computer's hard drive crashes are the duplicates on your USB memory stick and the CD copies at home. You have no offline copy of your email messages or your address book, so if you forget your password (or if someone manages to change it maliciously), you will lose access to them. You have no copies of any data from your mobile phone. You have no duplicate copies, digital or physical, of printed documents such as contracts and invoices. Defining your backup strategy To back up all of the data types listed above, you will need a combination of software and process solutions. Essentially, you need to make sure that each data type is stored in at least two separate locations. Electronic documents - Create a full backup of the documents on your computer using a program like Cobian Backup [66] , which is described in more detail below. Store the backup on something portable so that you can take it home or to some other safe location. External hard drives, CD/DVDs or USB memory sticks are possible choices. Some people use CDs or DVDs for this, since the risk of overwriting and losing your backup is lower. Blank CDs may be cheap enough to allow you to use a new one every time you make a backup. Because this category of data often contains the most sensitive information, it is particularly important that you protect your electronic document backups using encryption. You can learn how to do this in Chapter 4: How to protect the sensitive files on your computer [41] and in the TrueCrypt Guide [59] . Program databases - Once you have determined the location of your program databases, you can back them up in the same way as electronic documents. Email - Rather than accessing your email only through a web browser, install an email client like Thunderbird [69] and configure it to work with your account. The Thunderbird Guide [70] explains in detail how to do this. Also most webmail services will provide instructions on how to use such programs and, often, how to import your email addresses into them. You can learn more about this in the Further Reading section, below. If you choose to move your old email messages to your computer so they are not stored on the server (e.g. for security reasons), make sure that you include them in the backup of electronic documents described above. Mobile phone contents - To back up the phone numbers and text messages on your mobile phone, you can connect it to your computer using the appropriate software, which is generally available from the website of the company that manufactured your phone. You may need to buy a special USB cable to do this. Printed documents - Where possible, you should scan all of your important papers, then back them up along with your other electronic documents, as discussed above. In the end, you should have rearranged your storage devices, data types and backups in a way that makes your information much more resistant to disaster: Data Type Master/Duplicate Storage Device Location Electronic documents Master Computer hard drive Office Electronic documents Duplicate CDs Home A few important electronic documents Duplicate USB memory stick With me 15 Data Type Master/Duplicate Storage Device Location Program databases Master Computer hard drive Office Program databases Duplicate CDs Home Data Type Master/Duplicate Storage Device Location Email & email contacts Duplicate Gmail account Internet Email & email contacts Master Thunderbird on office computer Office Data Type Master/Duplicate Storage Device Location Text messages & mobile phone contacts Master Mobile phone With me Text messages & mobile phone contacts Duplicate Computer hard drive Office Text messages & mobile phone contacts Duplicate Backup SIM Home Data Type Master/Duplicate Storage Device Location Printed documents Master Desk drawer Office Scanned documents Duplicate CDs At home Elena: I know some people who keep all of their important documents on Gmail, by attaching them to 'draft' messages or emails to themselves. Would that count as a 'second physical location' for my files? Nikolai: It might help you recover if you lose one or two very important documents, but it's pretty awkward. Honestly, how many documents per week would you be willing to back up like that? Plus, you need to consider whether or not those attachments are safe, especially if you're at all worried about your email being monitored. Unless you're connecting to Gmail securely, this is a bit like handing over your sensitive information on a silver platter. Using an HTTPS connection to Gmail in order to back up small Truecrypt volumes or KeePass database files would be pretty safe, because they're encrypted, but I really wouldn't recommend this as a general-purpose backup strategy. Creating a digital backup Of the various data types discussed here, it is the 'electronic documents' that people tend to worry about most when establishing a backup policy. This term is somewhat ambiguous, but generally refers to files that you keep track of yourself and that you open manually, either by double-clicking on them or by using a particular application's File menu. Specifically, it includes text files, word processing documents, presentations, PDFs and spreadsheets, among other examples. Unlike email messages, for example, electronic documents are generally not synchronised with remote copies over the Internet. When backing up your electronic documents, you should remember to back up your program databases, as well. If you use a calendar application or an electronic address book, for example, you will need to find the folder in which these programs store their data. Hopefully, these databases will be in the same location as your electronic documents, as they are often kept inside your My Documents folder on a Windows computer. If that is not the case, however, you should add the appropriate folders to your regular backup. Email stored by an application such as Thunderbird [69] is a special example of a program database. If you use an email program, especially if you are unable or unwilling to store a copy of your messages on the server, then you must ensure that this email database is included in your regular backup. You may consider image and video files to be electronic documents or items within a program database, depending on how you interact with them. Applications like Windows Media player and iTunes, for example, work like databases. If you use programs like this, you might have to search your hard drive to learn where they store the actual media files that they help manage. Storage devices Before you can back up your electronic documents, you must decide what kind of storage device you will use. USB disk or memory sticks - USB disk or memory sticks can be quite inexpensive, and offer large capacity. They are easy to erase or overwrite numerous times. USB disk or memory sticks have a limited lifetime, which greatly depends on ways and frequency of usage but is generally estimated to be around 10 years. Compact Discs (CDs) CDs store around 700 Megabytes (MB) of data. You will need a CD burner [71] and blank discs in order to create a CD backup. If you want to erase a CD and update the files stored on it, you will need to have a CD-RW burner and rewritable CDs. All major operating systems, including Windows XP, now include built-in software that can write CDs and CD-RWs. Keep in mind that the information written on these discs may begin to deteriorate after five or ten years. If you need to store a backup for longer than that, you will have to recreate the CDs occasionally, buy special 'long life' discs or use a different backup method. Digital Video Discs (DVDs) - DVDs store up to 4.7 Gigabytes (GB) of data. They work much like CDs but require slightly more expensive equipment. You will need a DVD or DVD-RW burner [71] , and appropriate discs. As with a CD, the data written on a normal DVD will eventually begin to fade. Remote server - A well-maintained network backup server may have almost unlimited capacity, but the speed and stability 16 of your own Internet connection will determine whether or not this is a realistic option. Keep in mind that running a backup server in your own office, while faster than copying information over the Internet, violates the requirement that you keep a copy of your important data in two different physical locations. There are free storage services on the Internet, as well, but you should very carefully consider the risks of putting your information online and you should always encrypt your backups before uploading them to servers run by organisations or individuals whom you do not know and trust. See the Further reading [72] section for a few examples. Backup Software Cobian Backup is a user-friendly tool that can be set to run automatically, at regularly scheduled times, and to include only files that have changed since your last backup. It can also compress backups to make them smaller. Hands-on: Get started with the Cobian Backup Guide [73] As always, it is a good idea to encrypt your backup files using a tool such as TrueCrypt [58] . More information about about data encryption can be found in Chapter 4: How to protect the sensitive files on your computer [41] . Hands-on: Get started with the TrueCrypt - Secure File Storage Guide [59] When using these backup tools, there are a few things you can do to help your backup system work smoothly: Organise the files on your computer. Try to move all of the folders that contain electronic documents you intend to back up into a single location, such as inside the My Documents folder. If you use software that stores its data in an application database, you should first determine the location of that database. If it is not in a convenient location, see if the program will allow you to choose a new location for its database. If it does, you can put it in the same folder as your electronic documents. Create a regular schedule to perform your backup. Try to establish procedures for all of the staff in your office who do not already have a reliable, secure backup policy. Help your coworkers understand the importance of this issue. Make sure to test the process of recovering data from your backup. Remember that, in the end, it is the restore procedure, not the backup procedure, that you really care about! Elena: Alright, so I made an encrypted backup while I was at work, and I put it on a CD. Cobian is scheduled to update my backup in a few days. My desk at work has a drawer that locks, and I'm planning to keep these backup CDs in there so they won't get lost or broken. Nikolai: But what if your office burns down? Computer, desk, backup CDs and all? Or, what if your website forum gets used to plan some giant environmental demonstration, the authorities crack down, things get out of hand, and the organisation is raided? I doubt your little desk lock will keep the police from confiscating those CDs. What about keeping them at home, or asking a friend to store them for you? Recovering from accidental file deletion When you delete a file in Windows, it disappears from view, but its contents remain on the computer. Even after you empty the Recycle Bin, information from the files you deleted can usually still be found on the hard drive. See Chapter 6: How to destroy sensitive information [61] to learn more about this. Occasionally, if you accidentally delete an important file or folder, this security vulnerability can work to your advantage. There are several programs that can restore access to recently-deleted files, including a tool called Recuva [74] . Hands-on: Get started with the Recuva - File Recovery Guide [74] These tools do not always work, because Windows may have written new data over your deleted information. Therefore, it is important that you do as little as possible with your computer between deleting a file and attempting to restore it with a tool like Recuva [74] . The longer you use your computer before attempting to restore the file, the less likely it is that you will succeed. This also means that you should use the portable version of Recuva instead of installing it after deleting an important file. Installing the software requires writing new information to the file system, which may coincidentally overwrite the critical data that you are trying to recover. While it might sound like a lot of work to implement the policies and learn the tools described in this chapter, maintaining your backup strategy, once you have a system in place, is much easier than setting it up for the first time. And, given that backup may be the single most important aspect of data security, you can rest assured that going through this process is well worth the effort. Further reading More information on backup and data recovery can be found in the 2.3 Information Backup, Destruction and Recovery chapter of the Digital Security and Privacy for Human Rights Defenders [25] book. Note that online backup brings new risks. At minimum, remember to encrypt your sensitive information separately yourself before you upload it to the server. Assuming you do the step above, there are free online data storage services as a convenient way to back up your information. Some options include: Wuala [75] , SpiderOak [76] , 17 Google Drive [77] , tahoe-lafs [78] . There is an excellent article on data recovery in Wikipedia [79] . 6. How to destroy sensitive information The previous chapters have discussed a number of tools and habits that can help you protect your sensitive data, but what happens when you decide that you no longer need to keep a piece of information? If you determine, for example, that your encrypted backup copies of a particular file are sufficient, and you want to delete the master, what is the best way to do so? Unfortunately, the answer is more complicated than you might think. When you delete a file, even after you empty the Recycle bin, the contents of that file remain on your hard drive and can be recovered by anyone who has the right tools and a little luck. In order to ensure that deleted information does not end up in the wrong hands, you will have to rely on special software that removes data securely and permanently. Eraser [80] is one such tool, and is discussed below. Using Eraser [80] is a bit like shredding a paper document rather than simply tossing it into a bin and hoping that nobody finds it. And, of course, deleting files is only one example of a situation in which you might need to destroy sensitive data. If you consider the details that someone, particularly a powerful, politically-motivated adversary, could learn about you or your organisation by reading certain files that you thought you had deleted, you will probably think of a few more examples of data that you'd like to permanently erase, by destroying outdated backups, wiping [81] old hard drives before giving them away, deleting old user accounts, and clearing your web browsing history, for example. CCleaner [82] , the other tool described in this chapter, can help you face the challenge of deleting the many temporary files that your operating system and applications create every time you use them. Background scenario Elena is an environmentalist in a Russian-speaking country, where she maintains an increasingly-popular website that highlights the extent of illegal deforestation in the region. She has created a backup of the information used to create the website, and she keeps copies of it at home, in the office and on her new laptop. Recently, she has also begun to store a copy of the webserver's visitor logs and the database containing her users' forum posts. Elena will soon be travelling internationally, to attend a large global conference of environmental activists, some of whom have reported having their laptops taken away for over an hour at border-crossings. To protect her sensitive information, and the safety of her more political forum participants, she has moved her home and office backups onto a TrueCrypt volume and removed the copy from her laptop. She asked her nephew Nikolai for advice, and he has warned her that she needs to do more than just delete her old backup if she is worried about having her computer seized by border officials. What you can learn from this chapter How to remove sensitive information from your computer permanently How to remove information stored on removable storage devices like CDs and USB memory sticks How to prevent someone from learning what documents you have previously been viewing on your computer How to maintain your computer so that deleted files cannot be recovered in the future Deleting information From a purely technical perspective, there is no such thing as a delete function on your computer. Of course, you can drag a file to the Recycle Bin and empty the bin, but all this really does is clear the icon, remove the file's name from a hidden index of everything on your computer, and tell Windows that it can use the space for something else. Until it actually does use that space, however, the space will be occupied by the contents of the deleted information, much like a filing cabinet that has had all of its labels removed but still contains the original files. This is why, if you have the right software and act quickly enough, you can restore information that you've deleted by accident, as discussed in Chapter 5: How to recover from information loss [43] . You should also keep in mind that files are created and insecurely deleted, without your knowledge, every time you use your computer. Suppose, for example, that you are writing a large report. It may take you a week, working several hours each day, and every time the document is saved, Windows will create a new copy of the document and store it on your hard drive. After a few days of editing, you may have unknowingly saved several versions of the document, all at different stages of completion. Windows generally deletes the old versions of a file, of course, but it does not look for the exact location of the original in order to overwrite it securely when a new copy is made. Instead, it simply puts the latest version into a new section of the metaphorical filing cabinet mentioned above, moves the label from the old section to the new one, and leaves the previous draft where it was until some other program needs to use that space. Clearly, if you have a good reason to destroy all traces of that document from your filing cabinet, removing the latest copy is not going to be enough, and simply throwing away the label would be even worse. Remember, too, that computer hard drives are not the only devices that store digital information. CDs, DVDs, USB memory sticks, floppy disks, flash memory cards from mobile phones and removable hard drives all have the same issues, and you should not trust a simple delete or rewrite operation to clear sensitive information from any of them. 18 Wiping information with secure deletion tools When you use a secure deletion tool, such as those recommended in this chapter, it would be more accurate to say that you are replacing, or 'overwriting,' your sensitive information, rather than simply deleting it. If you imagine that the documents stored in those hypothetical filing cabinet discussed above are written in pencil, then secure deletion software not only erases the content, but scribbles over the top of every word. And, much like pencil lead, digital information can still be read, albeit poorly, even after it has been erased and something has been written over the top of it. Because of this, the tools recommended here overwrite files with random data several times. This process is called wiping [81] , and the more times information is overwritten, the more difficult it becomes for someone to recover the original content. Experts generally agree that three or more overwriting passes should be made; some standards recommend seven or more. Wiping [81] software automatically makes a reasonable number of passes, but you can change that number if you like. Wiping files There are two common ways to wipe [81] sensitive data from your hard drive or storage device. You can wipe [81] a single file or you can wipe [81] all of the 'unallocated' space on the drive. When making this decision, it may be helpful to think about the other hypothetical example proposed earlier--the long report that may have left incomplete copies scattered throughout your hard drive even though only one file is visible. If you wipe [81] the file itself, you guarantee that the current version is completely removed, but you leave the other copies where they are. In fact, there is no way to target those copies directly, because they are not visible without special software. By wiping [81] all of the blank space on your storage device, however, you ensure that all previously-deleted information is destroyed. Returning to the metaphor of the poorly-labeled file cabinet, this procedure is comparable to searching through the cabinet, then erasing and scribbling repeated over any documents that have already had their labels removed. Eraser [80] is a free and open-source secure deletion tool that is extremely easy to use. You can wipe [81] files with Eraser [80] in three different ways: by selecting a single file, by selcting the contents of the Recycle Bin, or by wiping [81] all unallocated space on the drive. Eraser [80] can also wipe [81] the contents of the Windows swap file [83] , which is discussed further below. Hands-on: Get started with the Eraser - Secure File Removal Guide [84] While secure deletion tools will not damage any visible files unless you explicitly wipe [81] them, it is still important to be careful with software like this. After all, accidents happen, which is why people find Recycle Bins and data recovery tools so useful. If you get accustomed to wiping [81] your data every time you delete something, you may find yourself with no way to recover from a simple mistake. Always make sure you have a secure backup before wiping [81] large amounts of data from your computer. Elena: I know word processing programs like Microsoft Word and Open Office sometimes make temporary copies of a file while you're working on it. Do other programs do that too, or should I mostly just worry about files that I create and delete myself? Nikolai: Actually, there are lots of places on your computer where programs leave traces of your personal information and online activities. I'm talking about websites you've visited, draft emails you've worked on recently and other things like that. All of this stuff could be sensitive, depending on how often you use that computer. Wiping temporary data The feature that allows Eraser [80] to wipe [81] all unallocated space on a drive is not as risky as it might sound, because it only wipes [81] previously-deleted content. Normal, visible files will be unaffected. On the other hand, this very fact serves to highlight a separate issue: Eraser [80] can not help you clean up sensitive information that has not been deleted, but that may be extremely well-hidden. Files containing such data may be tucked away in obscure folders, for example, or stored with meaningless filenames. This is not a major issue for electronic documents, but can be very important for information that is collected automatically whenever you use your computer. Examples include: Temporary data recorded by your browser while displaying webpages, including text, images, cookies [85] , account information, personal data used to complete online forms and the history of which websites you have visited. Temporary files saved by various applications in order to help you recover should your computer crash before you can save your work. These files might contain text, images, spreadsheet data and the names of other files, along with other potentially sensitive information. Files and links stored by Windows for the sake of convenience, such as shortcuts to applications you have used recently, obvious links to folders that you might prefer to keep hidden and, of course, the contents of your Recycle Bin should you forget to empty it. The Windows swap file [83] . When your computer's memory is full, for example when you have been running several programs at the same time on an older computer, Windows will sometimes copy the data you are using into a single large file called the swap file [83] . As a result, this file might contain almost anything, including webpages, document content, passwords or encryption keys. Even when you shut down your computer, the swap file [83] is not removed, so you must wipe it manually. In order to remove common temporary files from your computer, you can use a freeware tool called CCleaner [82] , which was designed to clean up after software like Internet Explorer, Mozilla Firefox [13] and Microsoft Office applications (all of which are known to expose potentially sensitive information), as well as cleaning Windows itself. CCleaner [82] has the 19 ability to delete files securely, which saves you from having to wipe [81] unallocated drive space, using Eraser [80] , after each time you run it. Hands-on: Get started with the CCleaner - Secure File Deletion and Work Session Wiping Guide [86] Tips on using secure deletion tools effectively You are now familiar with a few of the ways in which information might be exposed on your computer or storage device, even if you are dilligent about erasing sensitive files. You also know what tools you can use to wipe [81] that information permanently. There are a few simple steps that you should follow, especially if it is your first time using these tools, in order to ensure that your drive is cleaned safely and effectively: Create an encrypted backup of your important files, as discussed in Chapter 5: How to recover from information loss [43] . Close down all unnecessary programs and disconnect from the Internet. Delete all unnecessary files, from all storage devices, and empty the Recycle Bin Wipe [81] temporary files using CCleaner [82] . Wipe [81] the Windows swap file [83] using Eraser [80] . Wipe [81] all of the free space on your computer and other storage devices using Eraser [80] . You might need to let this procedure run overnight, as it can be quite slow. You should then get into the habit of: Periodically using CCleaner [82] to wipe [81] temporary files Wiping [81] sensitive electronic documents using Eraser [80] , instead of using the Recycle Bin or the Windows delete function Periodically using Eraser [80] to wipe [81] the Windows swap file [83] Periodically using Eraser [80] to wipe [81] all unallocated space on your hard drives, USB memory sticks, and any other storage devices that may have had sensitive information deleted from them recently. This might include floppy disks, rewritable CDs, rewritable DVDs and removable flash memory cards from cameras, mobile phones or portable music players. Tips on wiping the entire contents of a storage device You might occasionally need to wipe [81] a storage device completely. When you sell or give away an old computer, it is best to remove the hard drive and let the computer's new owner acquire one for herself. If this is not an option, however, you should at least wipe [81] the drive thoroughly with Eraser [80] before handing it over. And, even if you do keep the drive, you will probably want to wipe [81] it anyway, regardless of whether you intend to reuse or discard it. Similarly, if you purchase a new hard drive, you should wipe [81] your old one after copying your data and making a secure backup. If you are intending to throw away or recycle an old drive, you should also consider destroying it physically. (Many computer support professionals recommend a few strong blows with a hammer before discarding any data-storage device that once contained sensitive information.) In any of the situations described above, you will need to use Eraser [80] to wipe [81] an entire hard drive, which is impossible as long as the operating system is running on that particular drive. The easiest way to get around this issue is to remove the drive and put it into an external USB 'drive enclosure,' which you can then plug into any computer with Eraser [80] installed on it. At that point, you can delete the full contents of the external drive and then use Eraser [80] to wipe [81] all of its unallocated space. Fortunately, this is not something you will have to do often, as it may take quite some time. Rather than trying to wipe [81] data that have been stored on a rewritable CD or DVD, it is often better to destroy the disc itself. If necessary, you can create a new one containing any information you wish to keep. And, of course, this is the only way to 'erase' content from a non-rewritable disc. It is surprisingly difficult to destroy the contents of a CD or DVD completely. You may have heard stories about information being recovered from such discs even after they were cut into small pieces. While these stories are true, reconstructing information in this way takes a great deal of time and expertise. You will have to judge for yourself whether or not someone is likely to expend that level of resources in order to access your data. Typically, a sturdy pair of scissors (or a very sturdy paper shredder) will do the job nicely. If you want to take extra precautions, you can mix up the resulting pieces and dispose of them in various locations far from your home or office. Elena: I still have an old CD backup of the webserver logs, and I heard that you can erase a CD by putting it in the microwave. Somehow, though, it sounds like a really bad idea to me. Do people really do that? Does it work? Nikolai: I imagine it destroys the data pretty effectively, but I wouldn't know, because I'd never put a CD in my microwave! You're right. That sounds like a terrible idea. Even if the metal doesn't damage your microwave or start a fire, I bet that plastic would give off some pretty unhealthy fumes. Come to think of it, I wouldn't recommend burning CDs in a fire, either. Further reading While it does not use secure deletion techniques to wipe them permanently, Firefox does provide a built-in way to 20 clear many of its own temporary files. This feature is described in the Firefox Guide [16] . The CCleaner FAQ [87] provides additional information about installing and using the tool. Although much of the paper is quite technical, the introduction of Peter Guttmann's Secure Deletion of Data from Magnetic and Solid-State Memory [88] is worth reading, as the method [89] he describes has had a major influence on the developers of Eraser and other secure file removal tools. 7. How to keep your Internet communication private The convenience, cost-effectiveness and flexibility of email and instant messaging make them extremely valuable for individuals and organizations with even the most limited access to the Internet. For those with faster and more reliable connections, software such as Jitsi [90] , Skype [34] and other Voice-over-IP VoIP [91] tools also share these characteristics. Unfortunately, these digital alternatives to traditional means of communication can not always be relied upon to keep sensitive information private. Of course, this is nothing new. Postal mail, telephone calls and text messages are all vulnerable as well, particularly when used by those who may have been targeted for surveillance by the authorities. One important difference between digital, Internet-based communication techniques and more traditional methods, is that the former often allow you to determine your own level of security. If you send emails, instant messages and VoIP [91] conversations using insecure methods, they are almost certainly less private than letters or telephone calls. In part, this is because a few powerful computers can automatically search through a large amount of digital information to identify senders, recipients and specific key words. Greater resources are required to carry out the same level of surveillance on traditional communication channels. However, if you take certain precautions, the opposite can be true. The flexibility of Internet communication tools and the strength of modern encryption [40] can now provide a level of privacy that was once available only to national military and intelligence organizations. By following the guidelines and exploring the software discussed in this chapter, you can greatly improve your communication security. The RiseUp [92] email service, the Off the Record OTR [93] plugin for the Pidgin [94] instant messaging program, Mozilla Firefox [13] and the Enigmail [95] add-on for the Mozilla Thunderbird [69] email client are all excellent tools. While using them, however, you should keep in mind that the privacy of a given conversation is never one hundred percent guaranteed. There is always some threat that you did not consider, be it a keylogger [96] on your computer, a person listening at the door, a careless email correspondent or something else entirely. The goal of this chapter is to help you reduce even the threats that do not occur to you, while avoiding the extreme position, favoured by some, that you should not send anything over the Internet that you are not willing to make public. Claudia and Pablo work with a human rights NGO in a South American country. After spending several months collecting testimonies from witnesses to the human rights violations that have been committed by the military in their region, Claudia and Pablo have begun taking steps to protect the resulting data. They have kept only the information they need, which they store in a TrueCrypt partition that is backed up in several physical locations. While preparing to publish certain aspects of these testimonies in a report, they have found that they must discuss sensitive information with a few of their colleagues in another country. Although they have agreed not to mention names or locations, they still want to ensure that their email and instant messaging conversations on this topic remain private. After calling a meeting to discuss the importance of communication security, Claudia has asked if anyone in the office has questions. What you can learn from this chapter Why most webmail and instant messaging services are not secure How to create a new and more secure email account How to improve the security in your current email account How to use a secure instant messaging service What to do if you think someone might be accessing your email How to verify the identity of an email correspondent Securing your email There are a few important steps that you can take in order to increase the security of your email communication. The first is to make sure that only the person to whom you send a given message is able to read it. This is discussed in the Keeping your webmail private [97] and Switching to a more secure emailaccount [98] sections, below. Going beyond the basics, it is sometimes critical that your email contacts have the ability to verify that a particular message truly came from you and not from someone who might be attempting to impersonate you. One way to accomplish this is described under Advanced email security [99] , in the Encrypting and authenticating individual email messages [100] section. You should also know what to do if you think the privacy of your email account may have been violated. The Tips on responding to suspected email surveillance [101] section addresses this question. Remember, too, that secure email will not do you any good if everything you type is recorded by spyware and periodically sent over the Internet to a third party.Chapter 1: How to protect your computer from malware and hackers [56] offers some advice on how to prevent this sort of thing, and Chapter 3: How to create and maintain secure passwords [37] will help you protect your accounts for the email and instant messaging tools described below. Keeping your webmail private 21 The Internet is an open network through which information typically travels in a readable format. If a normal email message is intercepted on the way to a recipient, its contents can be read quite easily. And, because the Internet is just one large, worldwide network that relies on intermediary computers to direct traffic, many different people may have the opportunity to intercept a message in this way. Your Internet Service Provider ISP [102] is the first recipient of an email message as it begins its journey to the recipient. Similarly, the recipient's ISP [102] is the last stop for your message before it is delivered. Unless you take certain precautions, your messages can be read or tampered with at either of these points, or anywhere in between. Pablo: I was talking to one of our partners about all this, and she said that she and her colleagues sometimes just save important messages in the 'Drafts' folder of a webmail account where they all share a password. It sounds kind of strange to me, but would it work? I mean, wouldn't that prevent anyone from reading the messages, since they're never actually sent? Claudia: Any time you read an email on your computer, even if it's just a 'draft,' its contents have been sent to you over the Internet. Otherwise, it couldn't appear on your screen, right? The thing is, if someone has you under surveillance, they don't just monitor your email messages, they can scan all readable information going to and from your computer. In other words, this trick wouldn't work unless everyone connects securely to that shared webmail account. And, if they do, then it really doesn't hurt to create separate accounts or to go ahead and hit that 'send' button. It has long been possible to secure the Internet connection between your computer and the websites that you visit. You often encounter this level of security when entering passwords or credit card information into websites. The technology that makes it possible is called Secure Sockets Layer SSL [103] encryption [40] . You can tell whether or not you are using SSL [103] by looking closely at your Web browser's address bar. All Web addresses normally begin with the letters HTTP, as can be seen in the example below: When you are visiting a secure website, its address will begin with HTTPS. The extra S on the end signifies that your computer has opened a secure connection to the website. You may also notice a 'lock' symbol, either in the address bar or in the status bar at the bottom of your browser window. These are clues to let you know that anyone who might be monitoring your Internet connection will no longer be able to eavesdrop on your communication with that particular website. In addition to protecting passwords and financial transactions, this type of encryption [104] is perfect for securing your webmail. However, many webmail providers do not offer secure access, and others require that you enable it explicitly, either by setting a preference or by typing in the HTTPS manually. You should always make sure that your connection is secure before logging in, reading your email, or sending a message. You should also pay close attention if your browser suddenly begins to complain about invalid security certificates [105] when attempting to access a secure webmail account. It could mean that someone is tampering with the communication between your computer and the server in order to intercept your messages. Finally, if you rely on webmail to exchange sensitive information, it is important that your browser be as reliable as possible. Consider installing Mozilla Firefox [13] and its security-related add-ons. Hands-on: Get started with the Firefox with add-ons - Secure Web Browser Guide [16] Pablo: One of the guys who's going to be working on this report with us tends to use his Yahoo webmail account when he's not in the office.And I seem to remember somebody else using Hotmail. If I send a message to these guys, can other people read it? Claudia: Probably. Yahoo, Hotmail and plenty of other webmail providers have insecure websites that don't protect the privacy of their users' messages. We're going to have to change some people's habits if we want to be able to discuss these testimonies securely. Switching to a more secure email account Few webmail providers offer SSL [103] access to your email. Yahoo and Hotmail, for instance, provide a secure connection only while you log in, to protect your password, but your messages themselves are sent and received insecurely. In addition, Yahoo, Hotmail and some other free webmail providers insert the IP address [106] of the computer you are using into all of the messages you send. Gmail accounts, on the other hand, use a secure connection during log-in and all the way until you log out. You can confirm this along the way by looking at the address bar and observing the URL starting with 'https', where the 's' denotes a secure connection. And, unlike Yahoo or Hotmail, Gmail avoids revealing your IP address [106] to email recipients. However, it is not recommend that you rely entirely on Google for the confidentiality of your sensitive email communication. Google scans and records the content of its users' messages for a wide variety of purposes and has, in the past, conceded to the demands of governments that restrict digital freedom. See the Further reading [107] section for more information about Google's privacy policy. 22 If possible, you should create a new RiseUp [92] email account by visiting https://mail.riseup.net [108] .RiseUp [92] offers free email to activists around the world and takes great care to protect the information stored on their servers. They have long been a trusted resource for those in need of secure email solutions. And, unlike Google, they have very strict policies regarding their users' privacy and no commercial interests that might some day conflict with those policies. In order to create a new RiseUp [92] account, however, you will need two 'invite codes.' These codes can be given out by anyone who already has a RiseUp [92] account. If you have a bound copy of this booklet, you should have received your 'invite codes' along with it. Otherwise, you will need to find two [RiseUp]/glossary#RiseUp) users and ask them each to send you a code. Hands-on: Get started with the RiseUp - Secure Email Service Guide [109] Both Gmail and RiseUp [92] are more than just webmail providers. They can also be used with an email client, such as Mozilla Thunderbird [69] , that supports the techniques described under Advanced email security [99] . Ensuring that your email client makes an encrypted [40] connection to your provider is just as important as accessing your webmail through HTTPS. If you use an email client, see the Thunderbird Guide [70] for additional details. A the very least, however, you should be sure to enable SSL [103] or encryption [40] for both your incoming and outgoing mail servers. Pablo: So, should I switch to using RiseUp or I can keep using Gmail, and just switch to the secure 'https' address? Claudia: It's your call, but there are a few things you should definitely consider when choosing an email provider. First, do they offer a secure connection to your account? Gmail does, so you're OK there. Second, do you trust the administrators to keep your email private and not to read through it or share it with others? That one's up to you. And, finally, you need to think about whether or not it's acceptable for you to be identified with that provider. In other words, will it get you in trouble to use an email address that ends in 'riseup.net', which is known to be popular among activists, or do you need a more typical 'gmail.com' address? Regardless of what secure email tools you decide to use, keep in mind that every message has a sender and one or more recipients. You yourself are only part of the picture. Even if you access your email account securely, consider what precautions your contacts may or may not take when sending, reading and replying to messages. Try to learn where your contacts' email providers are located, as well. Naturally, some countries are more aggressive than others when it comes to email surveillance. To ensure private communication, you and your contacts should all use secure email services hosted in relatively safe countries. And, if you want to be certain that messsages are not intercepted between your email server and a contact's email server, you might all choose to use accounts from the same provider. RiseUp [92] is one good choice. Additional tips on improving your email security Always use caution when opening email attachments that you are not expecting, that come from someone you do not know or that contain suspicious subject lines. When opening emails like this, you should ensure that your anti-virus software is up-to-date and pay close attention to any warnings displayed by your browser or email program. Using anonymity software like Tor [110] , which is described in Chapter 8: How to remain anonymous and bypass censorship on the Internet [111] , can help you hide your chosen email service from anyone who might be monitoring your Internet connection. And, depending on the extent of Internet filtering in your country, you may need to use Tor [110] , or one of the other circumvention [112] tools described in chapter 8 [111] , just to access a secure email provider such as RiseUp [92] or Gmail. When creating an account that you intend to use while remaining anonymous from your own email recipients, or from public forums to which you might post messages by email, you must be careful not to register a username or 'Full Name' that is related to your personal or professional life. In such cases, it is also important that you avoid using Hotmail, Yahoo, or any other webmail provider that includes yourIP address [106] in the messages you send. Depending on who might have physical access to your computer, clearing email-related traces from your temporary files might be just as important as protecting your messages as they travel across the Internet. See Chapter 6: How to destroy sensitive information [61] and the CCleaner Guide [86] for details. You may consider using several different, anonymous email accounts for communicating with different groups of people to protect of your contact network. You may also use different email accounts for signing up to Internet services which require email accounts. After all above precautions it is still very important to beware of you write in the messages and what impact would it have if it fell into the wrong hands. One way of increasing the security of information exchange is to develope a code system for sensitive information exchange, so you would not use real names of the people, real addresses of places, etc. Tips on responding to suspected email surveillance If you suspect that someone is already monitoring your email, you may want to create a new account and keep the old one as a decoy. Remember, though, that any account with which you have exchanged email in the past may now be under surveillance as well. As a result, you should observe some additional precautions: Both you and your recent email contacts should create new accounts and connect to them only from locations, such as Internet cafes, that you have never used before. We recommend this strategy in order to prevent connections from your usual computer, which may be monitored, from giving away the location of your new account. As an alternative, if you must login to your new account from your normal location, you can use one of the tools described in Chapter 8: How to remain anonymous and bypass censorship on the Internet [111] , to hide these connections. Exchange information about these new email addresses only through secure channels, such as a face-to-face 23 meetings, secure instant messages or encrypted VoIP [91] conversations. Keep the traffic on your old account mostly unchanged, at least for a while. It should appear to the eavesdropper as if you are still using that account for sensitive communication. Presumably, you will want to avoid revealing critical information, but you should try not to make it obvious that you are doing so. As you can imagine, this may be somewhat challenging. Make it difficult to link your actual identity to your new account. Do not send email between the new account and your old accounts (or the accounts of any contacts whom you think may also be monitored). Be aware of what you write when using your new account. It is best to avoid using real names and addresses or phrases like 'human rights' or 'torture.' Develop an informal code system with your email contacts and change it periodically. Remember, email security is not just about having strong technical defences. It is about paying attention to how you and your email contacts communicate with each other, and about remaining disciplined in your non-technical security habits. Securing other Internet communication tools Much like email, instant messaging and VoIP [91] software can be secure or insecure, depending on the tools you choose and how you use them. Securing your instant messaging software Instant messaging, also called 'chat,' is not normally secure, and can be just as vulnerable to surveillance as email. Luckily, there are programs that can help secure the privacy of your chat sessions. Just like with email, though, a secure communications channel requires that both you and your instant messaging contacts use the same software and take the same security precautions. There is a chat program called Pidgin [94] that supports many existing instant messaging protocols, which means that you can easily begin using it without having to change your account name or recreate your list of contacts. In order to have private, encrypted [40] conversations through Pidgin [94] , you will need to install and activate the Off-the-Record OTR [93] plug-in. Fortunately, this is a fairly simple process. Hands-on: Get started with the Pidgin with OTR - Secure Instant Messaging Guide [113] Pablo: If Yahoo webmail is insecure, does that mean that Yahoo Chat is insecure, too? Claudia: The thing to remember is that, if we want to use instant messaging to discuss this report, we need to make sure that everyone involved has Pidgin and OTR installed. If they do, we can use Yahoo chat or any other chat service. Securing your VoIP software VoIP [91] calls to other VoIP [91] users are generally free of charge. Some programs allow you to make inexpensive calls to phones as well, including international numbers. Needless to say, these features can be extremely useful. Some of today's more popular VoIP [91] programs include Skype [114] (see below), Jitsi [115] , Google Talk [116] , Yahoo! Voice [117] , and MSN Messenger [118] . Normally, voice communication over the Internet is no more secure than unprotected email and instant messaging. When using voice communication to exchange sensitive information it is important to choose a tool that encrypts the call all the way from your computer to the recipient's computer. It also best to use Free and Open-Source Software, preferably those reviewed, tested, and recommended by a trusted community. Taking above criteria we would recommend that you try Jitsi [115] as your choice for VoIP. Notice about Skype's security Skype [34] is a very common instant messaging and VoIP tool that also supports calls to landlines and mobile phones. Despite its popularity, several issues make this software not a secure choice. Some of these issues are described below. While according to Skype, it encrypts [40] both messages and voice calls, this would only happen when both communicating sides are using Skype programs. Skype does not encrypt calls to phone or text sent as SMS messages. If both communicating sides are using (a genuine) Skype program, its encryption may make the call nominally more secure than an ordinary call over phone. But because Skype is a closed-source program, making an independent audit and evaluation of its proclamations about encryption impossible, it is thus impossible to verify how well Skype is protecting the users and their information and communication. Chapter 1: How to protect your computer from malware and hackers [56] addresses the virtues of Free and Open-Source Software FOSS [8] in the Keeping your software up-to-date [119] section. As mentioned, while we can't reccommend skype as a secure communication tool, it is very important to take some precautions if one still decides to use Skype as a tool for their sensitive communication: Download and install Skype only from its official website www.skype.com [114] to avoid a Skype program infected with spyware.It is important to always double-check the URL to make sure you are connecting to the official site. In some countries the Skype website is blocked, and/or several fake sites claiming to be Skype's official site are in operation. In many such cases, the version of Skype available is likely infected with malware designed to spy on any 24 communication. Use circumvention tools described in chapter 8 [111] to connect to the Skype website and download a genuine version of Skype program whenever you want to install or upgrade to newest version of the software. It is very important to change your Skype password regularly. Skype allows for multiple logins from different locations and does not inform you about the number of simultaneous sessions. This poses a big risk that if your password is compromised, anyone with that password can also be logged in. All logged sessions receive all the text communication and have access to calls history. Changing the password is the only way to disable such rogue sessions (by forcing a re-login). It is also advisable to set the privacy settings on Skype so that it does not keep a history of chats. It is recommended the Skype setting to automatically accept incoming files be disabled, as this has occasionally been used to introduce malware/spyware onto computers. Always independently verify the identity of a person with whom you are communicating. It is easier to do this when voice chatting, if you know t. Especially he person you want to talk to. Decide if your Skype username should identify your or have any relationship to your real name, or the name of you organisation. Always have alternative ways for communicating - Skype can become unavailable at any moment. Be careful of what you say - develop a code system to discuss sensitive topics without using specific terminology. Despite Skype's popularity, the above concerns make it questionable for a secure experience, and we recommend you start using tools like Jitsi for VoIP and Pidgin [94] with the OTR [93] plugin for secure instant messaging. Advanced Email Security The tools and concepts discussed below are recommended for experienced computer users. Using Public Key Encryption in Email It is possible to achieve a greater level of email privacy, even with an unsecured email account. In order to do this, you will need to learn about public key encryption [40] . This technique allows you to encode individual messages, making them unreadable to anyone but the intended recipients. The ingenious aspect of public key encryption [40] is that you do not have to exchange any secret information with your contacts about how you are going to encode messages in the future. Pablo: But how does all this work? Claudia: Clever mathematics! You encode messages to a given email contact using her special 'public key', which she can distribute freely. Then, she uses her secret 'private key', which she has to guard carefully, in order to read those messages. In turn, your contact uses your public key to encrypt messages that she writes to you. So, in the end, you do have to exchange public keys, but you can share them openly, without having to worry about the fact that anybody who wants your public key can get it. This technique can be used with any email service, even one that lacks a secure communication channel, because individual messages are encrypted [40] before they leave your computer. Remember that by using encryption [40] , you could attract attention to yourself. The type of encryption [40] used when you access a secure website, including a webmail account, is often viewed with less suspicion than the type of public key encryption [40] being discussed here. In some circumstances, if an email containing this sort of encrypted [40] data is intercepted or posted on a public forum, it could incriminate the person who sent it, regardless of the content of the message. You might sometimes have to choose between the privacy of your message and the need to remain inconspicuous. Encrypting and Authenticating Individual Messages Public key encryption [40] may seem complicated at first, but it is quite straightforward once you understand the basics, and the tools are not difficult to use. Simple, user-friendly and portable, the gpg4usb program can encrypt email messages and files even when you are not connected to the Internet. Hands-on: Get started with the Portable gpg4usb - email text and files encryption program guide [120] The Mozilla Thunderbird [69] email program can be used with an extension called Enigmail [95] to encrypt and decrypt email messages quite easily. Hands-on: Get started with the Thunderbird with Enigmail and GPG - Secure Email Client Guide [70] VaultletSuite 2 Go [121] , a freeware encrypted email program, is even easier to use than Thunderbird if you are willing to trust the company that provides it and allow them to do some of the work for you. Hands-on: Get started with the VaultletSuite 2Go - Secure Email Client Guide [122] The authenticity of your email is another important aspect of communication security. Anyone with Internet access and the right tools can impersonate you by sending messages from a fake email address that is identical to your own. The danger here is more apparent when considered from the perspective of the recipient. Imagine, for example, the threat posed by an email that appears to be from a trusted contact but is actually from someone whose goal is to disrupt your activities or learn sensitive information about your organisation. 25 Given that we cannot see or hear our correspondents through email, we typically rely on a sender's address to verify her identity, which is why we are so easily fooled by fake emails. Digital signatures [123] , which also rely on public key encryption [40] , provide a more secure means of proving one's identity when sending a message. The portable gpg4usb [120] guide or How to use Enigmail with Thunderbird [124] section of the Thunderbird Guide [70] explains in detail how this is done. Pablo: I had a colleague once who received email from me that I didn't send. We decided, in the end, that it was just spam, but now I'm imagining how much damage could be done if a fake email appeared in the wrong person's inbox at the wrong time. I've heard you can prevent this kind of thing with digital signatures, but what are they? Claudia: A digital signature is like a wax seal over the flap of an envelope with your letter inside, except that it can't be forged. It proves that you are the real sender of the message and that it hasn't been tampered with along the way. Further reading To learn more about faking an email identity, refer to the 2.5 Spoofing section of the Digital Security and Privacy for Human Rights Defenders [25] book. In addition to the Riseup and Thunderbird Hands-on Guides, there are a number of websites that explain how to use your email program with various popular email providers while leaving a copy of your messages on the mail server: The Riseup website [125] Instructions on using Gmail [126] . Instructions on how to import your gmail contacts into Thunderbird [127] For details on how to use other email services in this way, search the help section of the provider's website for keywords like 'POP', 'IMAP' and 'SMTP'. There is a well-known attack on the security of SSL encryption known as the Man in the Middle attack [128] . The Gmail Privacy Policy [129] , which you must accept when creating a Gmail account, explains that, "Google maintains and processes your Gmail account and its contents to provide the Gmail service to you and to improve our services." In fact, all email providers scan your messages, to some extent, so that they can offer anti-spam services and other such features. Gmail goes a bit futher, however, in order to provide 'targeted advertising' based on the actual content of your email. This could be dangerous if information stored by Google were to be intentionally or accidentally exposed. A series of interviews in 2008 addressed the privacy and encryption policies [130] of several major instant messaging services. 8. How to remain anonymous and bypass censorship on the Internet Many countries around the world have installed software that prevents Internet users within those countries from accessing certain websites and Internet services. Companies, schools and public libraries often use similar software to protect their employees, students and patrons from material that they consider distracting or harmful. This kind of filtering technology comes in a number of different forms. Some filters block a site based on its IP address [106] , while others blacklist certain domain names [131] or search through all unencrypted Internet communication, looking for specific keywords. Regardless of what filtering methods are present, it is nearly always possible to evade them by relying on intermediary computers, outside your country, to reach blocked services for you. This process is often called censorship circumvention, or simply circumvention [112] , and the intermediary computers are called proxies [132] . Proxies [132] , too, come in many different forms. This chapter includes a brief discussion of multiple-proxy anonymity networks followed by a more thorough description of basic circumvention [112] proxies [132] and how they work. Both of these methods are effective ways to evade Internet filters, although the former is most appropriate if you are willing to sacrifice speed in order to keep your Internet activities as anonymous as possible. If you know and trust the individual or organization that operates your proxy [132] , or if performance is more important to you than anonymity, then a basic circumvention [112] proxy [132] might serve you better. Background scenario Mansour and Magda are siblings, in an Arabic-speaking country, who maintain a blog on which they anonymously publicise human rights abuses and campaign for political change. The authorities in their country have not been able to shut down their website, because it is hosted in another country, but they have often tried to learn the identity of the blog's administrators from other activists. Mansour and Magda are concerned that the authorities may be able to monitor their updates and learn who they are. In addition, they want to prepare for when the government eventually filters their website, not only so that they can continue updating it, but also in order to provide good circumvention advice to readers within their own country, who would otherwise lose access to the blog. What you can learn from this chapter How to access a website that is blocked from within your country How to prevent websites that you visit from knowing your location 26 How to ensure that neither your ISP [102] nor a surveillance organization in your country can determine which websites and Internet services you visit Understanding Internet censorship Research carried out by organisations like the OpenNet Initiative (ONI) [133] and Reporters Without Borders (RSF) [134] indicates that many countries filter a wide variety of social, political and 'national security' content, while rarely publishing precise lists of what has been blocked. Naturally, those who wish to control their citizens' access to the Internet also make a special effort to block known proxies and websites that offer tools and instruction to help people circumvent these filters. Despite the guarantee of free access to information enshrined in Article 19 of the Universal Declaration of Human Rights, the number of countries engaged in Internet censorship has continued to increase dramatically over the past few years. As the practice of Internet filtering spreads throughout the world, however, so does access to the circumvention tools that have been created, deployed and publicised by activists, programmers and volunteers. Before exploring the various ways to bypass Internet censorship, you should first develop a basic understanding of how these filters work. In doing so, it may be helpful to consider a greatly-simplified model of your connection to the Internet. Your Internet connection The first step of your connection to the Internet is typically made through an Internet Service ProviderISP [102] at your home, office, school, library or Internet cafe. The ISP [102] assigns your computer an IPaddress [106] , which various Internet services can use to identify you and send you information, such as the emails and webpages you request. Anyone who learns your IP address [106] can figure out what city you are in. Certain well-connected organisations in your country, however, can use this information to determine your precise location. Your ISP will know which building you are in or which phone line you are using if you access the Internet through a modem. Your Internet cafe, library or business will know which computer you were using at a given time, as well as which port or wireless access point you were conncted to. Government agencies may know all of these details, as a result of their influence over the organisations above. At this stage, your ISP [102] relies on the network infrastructure in your country to connect its users, including you, with the rest of the world. On the other end of your connection, the website or Internet service you are accessing has gone through a similar process, having received its own IP addresses from an ISP [102] in its own country. Even without all of the technical details, a basic model like this can be helpful when considering the various tools that allow you get around filters and remain anonymous on the Internet. How websites are blocked Essentially, when you go to view a webpage, you are showing the site's IP address [106] to your ISP [102] and asking it to connect you with the webserver's ISP [102] . And, if you have an unfiltered Internet connection, it will do precisely that. If you are in a country that censors the Internet, however, it will first consult a blacklist [135] of forbidden websites and then decide whether or not to comply with your request. In some cases, there may be a central organisation that handles filtering in place of the ISPs [102] themselves. Often, a blacklist [135] will contain domain names [136] , such as www.blogger.com, rather than IPaddresses [137] . And, in some countries, filtering software monitors your connection, rather than trying to block specific Internet addresses. This type of software scans through the requests that you make and the pages that are returned to you, looking for sensitive key words and then deciding whether or not to let you see the results. And, to make matters worse, when a webpage is blocked you may not even know it. While some filters provide a 'block 27 page' that explains why a particular page has been censored, others display misleading error messages. These messages may imply that the page cannot be found, for example, or that the address was misspelled. In general, it is easiest to adopt a worst-case perspective toward Internet censorship, rather than trying to research all of the particular strengths and weaknesses of the filtering technologies used in your country. In other words, you might as well assume that: Your Internet traffic is monitored for keywords Filtering is implemented directly at the ISP [102] level Blocked sites are blacklisted [135] by both their IP addresses [106] and their domain names [131] You may be given an unclear or misleading reason to explain why a blocked site fails to load. Because the most effective circumvention tools can be used regardless of which filtering methods are in place, it does not generally do any harm to make these pessimistic assumptions Mansour: So, if I find one day that I can't access the blog, but a friend in another country can still see it just fine, does that mean the government has blocked it? Magda: Not necessarily. There could be some problem that only affects people who are trying to reach the website from here. Or, it could be some issue with your computer that only shows up on certain types of webpages. You're on the right track, though. You could also try visiting it yourself while using a circumvention tool. After all, most of these tools rely on external proxy servers, which is a bit like asking a friend in another country to test a website for you, except you get to do it yourself. Understanding censorship circumvention If you cannot go prodirectly to a website because it is blocked by one of the methods discussed above, you will need to find a way around the obstruction. A secure proxy [132] server, located in a country that does not filter the Internet, can provide this kind of detour by fetching the webpages you request and delivering them to you. From your ISP's [102] perspective, you will simply appear to be communicating securely with an unknown computer (the proxy [132] server) somewhere on the Internet. Of course, the government agency in charge of Internet censorship in your country (or the company that provides updates for its filtering software) might eventually learn that this 'unknown computer' is really a circumvention proxy [132] . If that happens, its IP address [106] may itself be added to the blacklist [135] , and it will no longer work. It usually takes some time forproxies [132] to be blocked, however, and those who create and update circumvention tools are well aware of this threat. They typically fight back using one or both of the following methods: Hidden proxies are more difficult to identify. This is one of the reasons why it is important to use secure proxies [132] , which tend to be less obvious. Encryption [40] is only part of the solution, however. The operators of a proxy [132] must also take care when revealing its location to new users if they want it to remain hidden. Disposable proxies can be replaced very quickly after they are blocked. In this case, the process of telling users how to find replacement proxies [132] may not be particularly secure. Instead, circumvention tools of this type often simply try to distribute new proxies [132] faster than they can be blocked. In the end, as long as you can reach a proxy [132] that you trust to fetch the services you ask for, all you have to do is send it your requests and view whatever comes back using the appropriate Internet application. Typically, the details of this process are handled automatically by circumvention software that you install on your computer, by modifying your browser settings or by pointing your browser to a web-based proxy [132] page. The Tor [110] anonymity network, described below, uses the first method. Following that is a discussion of basic, singleproxy [132] circumvention tools, each of which works in a slightly different manner. Anonymity networks and basic proxy servers Anonymity networks 28 Anonymity networks typically 'bounce' your Internet traffic around between various secure proxies [132] in order to disguise where you are coming from and what you are trying to access. This can significantly reduce the speed at which you are able to load websites and other Internet services. In the case of Tor [110] , however, it also provides a reliable, secure and public means of circumvention that saves you from having to worry about whether or not you trust the individuals who operate your proxies [132] and the websites you visit. As always, you must ensure that you have an encrypted connection, HTTPS [103] , to a secure website before exchanging sensitive information, such as passwords and emails, through a browser. You will have to install software to use Tor [110] , but the result is a tool that provides anonymity as well as circumvention. Each time you connect to the Tor [110] network, you select a random path through three secure Tor [110] proxies [132] . This ensures that neither your ISP [102] nor the proxies [132] themselves know both your computer's IPaddress [106] and the location of the Internet services you request. You can learn much more about this tool from the Tor Guide. Hands-on: Get started with the Tor - Digital Anonymity and Circumvention Guide [138] One of Tor's strengths is that it does not just work with a browser but can be used with various types of Internet software. Email programs, including Mozilla Thunderbird [69] ,and instant messaging programs,including Pidgin [94] , can operate through Tor, either to access filtered services or to hide your use of those services. Basic circumvention proxies There are three important questions that you should consider when selecting a basic circumvention proxy [132] . First, is it a web-based tool or does it require you to change settings or install software on your computer? Second, is it secure? Third, is it private or public? Web-based and other proxies: Web-based proxies [132] are probably the easiest to use. They require only that you point your browser at a proxy [132] webpage, enter the filtered address you wish to view and click one button. The proxy [132] will then display the requested content inside its own webpage. You can follow links normally or enter a new address into the proxy [139] if you want to view a different page. You do not need to install any software or change any browser settings, which means that web-based proxies [132] are: Easy to use Reachable from public computers, such as those at Internet cafes, that may not allow you to install programs or change settings Potentially safer if you are concerned about being 'caught' with circumvention software on your computer Web-based proxies [139] tend to have certain disadvantages, as well. They do not always display pages correctly, and many web-based proxies [132] will fail to load complex websites, including those that feature streaming audio and video content. Also, while any proxy [132] will slow down as it gains more users, this tends to be more of an issue with public web-based proxies [132] . And, of course, web-based proxies [132] only work for webpages. You can not, for example, use an instant messaging program or an email client to access blocked services through a web-based proxy [132] . Finally, secure webbased proxies [132] offer limited confidentiality because they must themselves access and modify the information returned to you by the websites you visit. If they did not, you would be unable to click on a link without leaving the proxy [132] behind and attempting to make a direct connection to the target webpage. This is discussed further in the following section. Other types of proxies [132] generally require you to install a program or configure an external proxy [132] address in your browser or operating system. In the first case, your circumvention program will typically provide some way of turning the tool on and off, which will tell your browser whether or not to use the proxy [132] . Software like this often allows you to change proxies [132] automatically if one is blocked, as discussed above. If you have to configure an external proxy [132] address in your browser or operating system, you will need to learn the correct proxy [132] address, which may change if that proxy [132] is blocked or slows down so much that it becomes unusable. Although it may be slightly more difficult to use than a web-based proxy [132] ,this method of circumvention is more likely to display complex pages correctly and may take longer to slow down as more people begin to use a given proxy [132] server. Furthermore, proxies [132] can be found for a number of different Internet applications. Examples include HTTP proxies [132] for browsers, SOCKS proxies [132] for email and chat programs and VPN proxies [132] , which can redirect all of your Internet traffic to avoid filtering. Secure and insecure proxies: A secure proxy [132] , in this chapter, refers to any proxy [132] that supports encrypted [40] connections from its users. An insecure proxy [132] will still allow you to bypass many types of filtering, but will fail if your Internet connection is being scanned for key words or particular website addresses.It is a particularly bad idea to use an insecure proxy [132] when accessing websites that are normally encrypted [40] , such as webmail accounts and banking websites. By doing so, you may expose sensitive information that would normally be hidden. And, as mentioned previously, insecure proxies [132] are often easier for those who update Internet filtering software and policies to discover and block. In the end, the fact that free, fast, secure proxies [132] exist means that there are very few good reasons to settle for an insecure one. You will know that a web-based proxy [132] is secure if you can access the proxy [139] webpage itself using an HTTPS [140] 29 address. As with webmail services, secure and insecure connections may be supported, so you should be certain to use the secure address. Often, in such cases, you will have to accept a 'security certificate warning' from your browser in order to continue. This is the case for both the Psiphon2 [141] and Peacefire [142] proxies [132] , discussed below. Warnings like this tell you that someone, such as your ISP or a hacker, could be monitoring your connection to the proxy [132] . Despite these warnings, it is still a good idea to use secure proxies [132] whenever possible. However, when relying on such proxies [132] for circumvention, you should avoid visiting secure websites, entering passwords or exchanging sensitive information unless you verify the proxy's [139] SSL [103] fingerprint. In order to do this, you will need a way of communicating with the proxy's [132] administrator. You should also avoid accessing sensitive information through a web-based proxy [132] unless you trust the person who runs it. This applies regardless of whether or not you see a security certificate warning when you visit the proxy [132] . It even applies if you know the proxy [132] operator well enough to verify the server's fingerprint before directing your browser to accept the warning. When you rely on a single proxy [132] server for circumvention, its administrator will always know your IP address [106] and which website/s you are accessing. More importantly, however, if that proxy [132] is web-based, a malicious operator could gain access to all of the information that passes between your browser and the websites you visit, including the content of your webmail and your passwords. For proxies [132] that are not web-based, you may have to do a little research to determine whether or not secure connections are supported. All of the proxies [132] and anonymity networks recommended in this chapter are secure. Private and public proxies: Public proxies [132] accept connections from anyone, whereas private proxies [132] typically require a username and password. While public proxies [132] have the obvious advantage of being freely available, assuming they can be found, they tend to become overcrowded very quickly. As a result, even though public proxies [132] may be as technically sophisticated and well-maintained as private ones, they are often relatively slow. Finally, private proxies [132] tend to be run either as for-profit businesses or by administrators who create accounts for users that they know personally or socially. Because of this, it is generally easier to determine what motivates the operators of a private proxy [132] . You should not assume, however, that private proxies [132] are therefore fundamentally more trustworthy. After all, the profit motive has led online services to expose their users in the past. Simple, insecure, public proxies [132] can often be found by searching for terms like 'public proxy' in a search engine, but you should not rely on proxies [132] discovered this way. Given the choice, it is better to use a private, secure proxy [132] run by people that you know and trust, either personally or by reputation, and who have the technical skill to keep their server secure. Whether or not you use a web-based proxy [132] will depend on your own particular needs and preferences. Any time you are using a proxy [132] for circumvention, it is also a good idea to use the Firefox [13] browser and to install the NoScript [14] browser extension, as discussed in the Firefox Guide [16] . Doing so can help protect you both from malicious proxies [132] and from websites that might try to discover your real IP address [106] . Finally, keep in mind that even an encrypted [143] proxy [132] will not make an insecure website secure. You must still ensure that you have an HTTPS [103] connection before sending or receiving sensitive information. If you are unable to find an individual, organisation or company whose proxy [132] service you consider trustworthy, affordable and accessible from your country, you should consider using the Tor anonymity network, which is discussed above, under Anonymity networks. Specific circumvention proxies Below are a few specific tools and proxies [132] that can help you circumvent Internet filtering. New circumvention tools are produced regularly, and existing ones are updated frequently, so you should visit the online Security in-a-Box website, and the resources mentioned in the Further reading [144] section below, to learn more. Virtual Private Network (VPN) based proxies VPN proxies listed below make your entire Internet connection pass through the proxy while you are "connected". This can be helpful if you use email or instant messaging providers that are filtered in your country Riseup VPN. It is for users who have email accounts on the Riseup server. The collective offers the possibility of connecting to a secure, private, free VPN proxy server. Please read more about Riseup VPN [145] and on how to connect to it [146] . Hotspot Shield is a public, secure, VPN, freeware circumvention proxy. In order to use it, you will need to download the tool [147] and install it. The company that develops Hotspot Shield receives funding from advertisers, so you will see a "banner ad" at the top of your browser window whenever you use it to visit websites that do not provide encryption [40] . Although it is impossible to verify, this company claims to delete the IP addresses [106] of those who use the tool, rather than storing or sending them to advertisers. Your-Freedom is a private, secure, VPN/SOCKS circumvention proxy [132] . It is a freeware [7] tool that that can be used to access a free circumvention service. There are restriction on bandwidth and for how long can you can use it (3 hours per day, up to 9 hours per week). You can also pay a fee to access a commercial service, which is faster and has fewer limitations. In order to use Your-Freedom, you will need to download the tool [148] and create an account [149] , both of which can be done at the Your-Freedom website [150] . You will also need to configure your browser to use the OpenVPN [151] proxy when connecting to the Internet. You can read more in Your-Freedom documentation [152] . 30 Freegate is a public, secure, VPN, freeware circumvention proxy. You can download the latest version of Freegate [153] or read interesting article about it [154] . SecurityKISS is a public, secure, VPN, freeware circumvention proxy. To use it you need to download and run a free program [155] . There is no need to register an account. The free users are restricted by the limit to 300 MB per day or the Internet traffic throught the proxy. Paid subscription offers no restrictions and more VPN servers to use. Please see SecureKISS homepage to learn more [156] . Psiphon3 is a secure, public VPN and SSH freeware circumvention proxy. To use it you need to request a link to freeware program that will set you up to use the proxy. To request send an email to get@psiphon3.com. Please see Psiphon3 homepage [157] Web Proxies: Psiphon2 is a private, anonymous webproxy servers system. To use psiphon2 [158] you need the web address (URL) of the proxy server and a account (username and password). You may receive an invitation to create account on psiphon2 from a user who already has a psiphon2 account. You may also use invitation included in the printed copy of the how-to booklet. Please see Psiphon2 homepage [159] . Peacefire maintains a large number of public, web-based proxies [132] , which can be secure or insecure, depending on how you access them. When using a Peacefire [142] proxy [132] , you must enter the HTTPS [103] address in order to have a secure connection between yourself and the proxy [132] . New proxies [132] are announced to a large mailing list on a regular basis. You can sign up to receive updates at the Peacefire website [160] . Further reading See the 2.5 Internet Surveillance and Monitoring and 2.6 Censorship circumvention chapters of the Digital Security and Privacy Manual for Human Rights Defenders [25] book. The FLOSS Manuals website contains a guide on How to Bypass Internet Censorship [161] . The Internet Censorship Wiki [162] , written by Freerk, is available in English, German and Spanish. The CitizenLab has produced Everyone's guide to by-passing Internet Censorship [163] , which is being translated into Burmese, English, French, Russian, Spanish and Urdu. Reporters Without Borders has released a second edition of its Handbook for Bloggers and Cyberdissidents [164] , which is available in Arabic, Burmese, Chinese, English, Farsi, French, Russian and Spanish. Ethan Zuckerman of Global Voices Online has published a useful guide to Anonymous Blogging with Wordpress and Tor [165] . 9. How to protect yourself and your data when using social networking sites Online communities have existed since the invention of the internet. First there were bulletin boards and email lists, which gave people around the world opportunities to connect, to communicate and to share information about particular subjects. Today, social networking websites have greatly expanded the range of possible interactions, allowing you to share messages, pictures, files and even up-to-the-minute information about what you are doing and where you are. These functions are not new or unique – any of these actions can also be performed via the internet without joining a social networking site. Although these networks can be very useful, and promote social interaction both online and offline, when using them you may be making information available to people who want to abuse it. Think of a social networking site as being like a huge party. There are people there that you know, as well as some that you don't know at all. Imagine walking through the party with all your personal details, and up-to-the-minute accounts of what you are thinking, written on a big sign stuck on your back so that everyone can read it without you even knowing. Do you really want everyone to know all about you? Remember that social networking sites are owned by private businesses, and that they make their money by collecting data about individuals and selling that data on, particularly to third party advertisers. When you enter a social networking site, you are leaving the freedoms of the internet behind and are entering a network that is governed and ruled by the owners of the site. Privacy settings are only meant to protect you from other members of the social network, but they do not shield your data from the owners of the service. Essentially you are giving all your data over to the owners and trusting them with it. If you work with sensitive information and topics, and are interested in using social networking services, it is important to be very aware of the privacy and security issues that they raise. Human rights advocates are particularly vulnerable to the dangers of social networking sites and need to be extremely careful about the information they reveal about themselves AND about the people they work with. Before you use any social networking site it is important to understand how they make you vulnerable, and then take steps to protect yourself and the people you work with. This guide will help you understand the security implications of using social networking sites. 31 Background Scenario: Mansour and Magda are human rights defenders from north Africa. They are organising a march, to take place in the middle of a large city. They want to use Facebook to publicise the event. They are worried that the authorities could be tipped off and that anyone who shows an interest could be traced. They plan to use Twitter during the march to give updates on the progress of the march. But what if the police could monitor the tweets, and deploy squads to intercept marchers? Mansour and Magda plan how to share photos and videos of the march without revealing people's identities, because they worry that participants could face persecution. We do not encourage you to stop using social networking tools altogether. However you should take proper security measures, so that you can use these tools without making yourself or anyone else vulnerable. What you can learn from this chapter How social networking sites make it easy for sensitive information to be revealed unintentionally How to safeguard information about yourself and others when using social networking sites General tips on using social networking tools Always ask the questions: Who can access the information I am putting online? Who controls and owns the information I put into a social networking site? What information about me are my contacts passing on to other people? Will my contacts mind if I share information about them with other people? Do I trust everyone with whom I'm connected? Always make sure you use secure passwords to access social networks. If anyone else does get into your account, they are gaining access to a lot of information about you and about anyone else you are connected to via that social network. Change your passwords regularly as a matter of routine. See Chapter 3. How to create and maintain secure passwords [37] for more information. Make sure you understand the default privacy settings offered by the social networking site, and how to change them. Consider using separate accounts/identities, or maybe different pseudonyms, for different campaigns and activities. Remember that the key to using a network safely is being able to trust its members. Separate accounts may be a good way to ensure that such trust is possible. Be careful when accessing your social network account in public internet spaces. Delete your password and browsing history when using a browser on a public machine. See Chapter 6. How to destroy sensitive information [37] . Access social networking sites using https:// to safeguard your username, password and other information you post. Using https:// rather than http:// adds another layer of security by encrypting the traffic from your browser to your social networking site. See Chapter 8. How to remain anonymous and bypass censorship on the internet [111] . Be careful about putting too much information into your status updates – even if you trust the people in your networks. It is easy for someone to copy your information. Most social networks allow you to integrate information with other social networks. For example you can post an update on your Twitter account and have it automatically posted on your Facebook account as well. Be particularly careful when integrating your social network accounts! You may be anonymous on one site, but exposed when using another. Be cautious about how safe your content is on a social networking site. Never rely on a social networking site as a primary host for your content or information. It is very easy for governments to block access to a social networking site within their boundaries if they suddenly find its content objectionable. The administrators of a social networking site may also decide to remove objectionable content themselves, rather than face censorship within a particular country. Posting personal details Social networking sites ask you for a good deal of data about yourself to make it easier for other users to find and connect to you. Perhaps the biggest vulnerability this creates for users of these sites is the possibility of identity fraud, which is increasingly common. In addition, the more information about yourself you reveal online, the easier it becomes for the authorities to identify you and monitor your activities. The online activities of diaspora activists from some countries have led to the targeting of their family members by the authorities in their homelands. Ask yourself: is it necessary to post the following information online? 32 birth dates contact phone numbers addresses details of family members sexual orientation education and employment history Friends, followers and contacts The first thing you will do after filling in your personal details with any social networking application is establish connections to other people. Presumably these contacts are people you know and trust – but you may also be connecting to an online community of like-minded individuals that you have never met. The most important thing to understand is what information you are allowing this online community to have. When using a social network account such as Facebook, where a lot of information about yourself is held, consider only connecting to people you know and trust not to misuse the information you post. Status updates On Twitter and Facebook and similar networks, the status update answers the questions: What am I doing right now? What's happening? The most important thing to understand about the status update is who can actually see it. The default setting for the status update on most social networking applications is that anyone on the internet can see it. If you only want your contacts to see the updates, you need to tell the social networking application to keep your updates hidden from everyone else. To do this in Twitter, look for “Protect Your Tweets”. In Facebook, change your settings to share your updates with “Friends Only”. Even if you switch to those settings, consider how easy it is for your information to be reposted by followers and friends. Agree with your network of friends on a common approach to passing on the information posted in your social networking accounts. You should also think about what you may be revealing about your friends that they may not want other people to know; it's important to be sensitive about this, and to ask others to be sensitive about what they reveal about you. There have been many incidents in which information included in status updates has been used against people. Teachers in the US have been fired after posting updates about how they felt about their students; other employees have lost their jobs for posting about their employers. This is something that nearly everyone needs to be careful about. Sharing internet content It's easy to share a link to a website and get your friend's attention. But who else will be paying attention, and what kind of reaction will they have? If you say you like a site which is in some way related to bringing down a repressive regime, that regime might take an interest and then target you. If you want your contacts to be the only people to see the things you share or mark as interesting, make sure you check your privacy settings. Revealing your location Most social networking sites will display your location if that data is available. This function is generally provided when you use a GPS-enabled phone to interact with a social network, but don't assume that it's not possible if you aren't connecting from a mobile. The network your computer is connected to may also provide location data. The way to be safest about it is to double-check your settings. Be particularly mindful of location settings on photo and video sharing sites. Don't just assume that they're not sharing your location: double-check your settings to be sure. See also On Locational Privacy, and How to Avoid Losing it Forever [166] from the Electronic Frontier Foundation website. Sharing videos/photos Photos and videos can reveal people's identities very easily. It's important that you have the consent of the subject/s of any photo or video that you post. If you are posting an image of someone else, be aware of how you may be compromising their privacy. Never post a video or photo of anyone without getting their consent first. Photos and videos can also reveal a lot of information unintentionally. Many cameras will embed hidden data (metadata tags), that reveal the date, time and location of the photo, camera type, etc. Photo and video sharing sites may publish this information when you upload content to their sites. Instant chats 33 Many social networking sites have tools that allow you to have discussions with your friends in real time. These operate like Instant Messaging and are one of the most insecure ways to communicate on the internet, both because they may reveal who you are communicating with, and what you are communicating about. Connecting to the site via https is a minimum requirement for secure chatting, but even this is not always a guarantee that your chat is using a secure connection. For example, Facebook chat uses a different channel to HTTPS (and is more prone to exposure). It is more secure to use a specific application for your chats, such as Pidgin with an Off-the-record plugin, which uses encryption. Read the 'Pidgin – secure instant messaging' hands-on guide. Joining/creating groups, events and communities What information are you giving to people if you join a group or community? What does it say about you? Alternatively, what are people announcing to the world if they join a group or community that you have created? How are you putting people at risk? When you join a community or group online it is revealing something about you to others. On the whole, people may assume that you support or agree with what the group is saying or doing, which could make you vulnerable if you are seen to align yourself with particular political groups, for example. Also if you join a group with a large number of members that you don't know, then this can compromise any privacy or security settings that you have applied to your account, so think about what information you are giving away before joining. Are you using your photo and real name so strangers can identify you? Alternatively, if you set up a group and people choose to join it, what are they announcing to the world by doing so? For example, perhaps it is a gay and lesbian support group that you have set up to help people, but by joining it people are openly identifying themselves as gay or gay-friendly, which could bring about dangers for them in the real world. Hands-on: Get started with the Social networking tools: Facebook, Twitter, YouTube and others [167] 10. How to use mobile phones as securely as possible Mobile phones are an integral part of our daily communications. All mobile phones have the capacity for voice and simple text messaging services. Their small size, relatively low cost and many uses make these devices invaluable for rights advocates who increasingly use them for communication and organisation. Recently, mobile devices with many more functions have become available. They may feature GPS [168] , multimedia capacity (photo, video and audio recording and sometimes transmitting), data processing and access to the internet. However, the way the mobile networks operate, and their infrastructure, are fundamentally different from how the internet works. This creates additional security challenges, and risks for users' privacy and the integrity of their information and communications. It is important to start with the understanding that mobile phones are inherently insecure: Information sent from a mobile phone is vulnerable. Information stored on mobile phones is vulnerable. Phones are designed to give out information about their location. We will explore these issues, and what a user can do in light of these inherent vulnerabilities. Background scenario Borna and his son Delir are both line workers in a factory, and are helping to create a workers' union. Their efforts are meeting the resistance of the factory owners, who are also well-connected in their local government. Borna's supervisor has warned him that he may be under scrutiny by management, and to beware of who he talks to. Borna has purchased a mobile phone for his union work. Delir is helping his father to use his new mobile phone safely for some of his organising activities. What you can learn from this chapter Why communication and storing data on mobile phones is not secure What steps you can take to increase the security of using mobile phones How can you minimise the chances of being spied on or tracked via your mobile phone How can you maximise the chances of remaining anonymous while using your mobile phone Mobile devices and security We need to make informed decisions when using mobile phones, in order to protect ourselves, our contacts and our data. The way mobile phone networks and infrastructure work can significantly affect users' ability to keep information and 34 communications private and secure. Mobile networks are private networks run by commercial entities, which can be under the monopoly control of the government. The commercial entity (or government), has practically unlimited access to the information and communications of customers, as well as the ability to intercept calls, text messages, and to monitor the location of each device (and therefore its user). The Operating Systems used on mobile devices themselves are custom-designed or configured by phone manufacturers according to the specifications of various service providers and for use on these companies' own networks. As a result, the OS may well include hidden features enabling better monitoring by the service provider of any particular device. The number of functions available on mobile phones has grown in the past few years. Modern mobile phones are in fact internet-connected portable mini-computers with mobile phone functions. In order to work out which aspects of your communications most need to be protected, it may help to ask yourself a few questions: What is the content of your calls and text messages? With whom do you communicate, and when? Where are you calling from? Information is vulnerable in many ways: Information is vulnerable when sent from a mobile phone Example: Each mobile phone provider has full access to all text and voice messages sent via its network. Phone providers in most countries are legally obliged to keep records of all communications. In some countries the phone providers are under the monopoly control of government. Voice and text communication can also be tapped by third parties in proximity to the mobile phone, using inexpensive equipment. Information is vulnerable within the sender's and the recipient's phones Example: Mobile phones can store all sorts of data: call history, text messages sent and received, address book information, photos, video clips, text files. These data may reveal your network of contacts, and personal information about you and your colleagues. Securing this information is difficult, even – on some phones – impossible. Modern mobile phones are pocket-sized computers. With more features comes higher risk. In addition, phones that connect to the internet are also subject to the insecurities of computers and of the internet. Phones give out information about their location Example: As part of normal operation, every mobile phone automatically and regularly informs the phone service provider where it is at that moment. What's more, many phones nowadays have [GPS]](/en/glossary#GPS) functions, and this precise location information may be embedded in other data such as photos, SMS and internet requests that are sent from the phone. The evolution of technology brings more features, but also more risks. Borna:Son, I have decided only to use this mobile for planning our meetings from now on, because I think they might be listening to the factory floor phone, and maybe even at the house. Delir: Father, it's great you have finally got a mobile phone, but do you know what it can and cannot do? Borna: Of course: it is a phone! You call someone, you talk to them, they talk back. You can do this from wherever you are. AND, I can send small messages on it to the others, or to you, and they will show up in your phone. Delir: This is all true, but it's not all. There are plenty of things you can do these days with these devices. But let's talk about some risks and safety precautions, especially if you think someone might be interested in finding out who you are communicating with, and what you are saying. The following sections discuss a number of simple steps you can take to decrease the likelihood of security threats arising from using mobile devices. Mobility and the vulnerability of information People often carry mobile phones that contain sensitive information. Communications history, text and voice messages, address books, calendar, photos and many other useful phone functions can become highly compromising if the phone or the data is lost or stolen. It is vital to be aware of the information that is stored, both actively and passively, on your mobile phone. Information stored on a phone could implicate the person using the phone as well as everyone in their address book, message inbox, photo album, etc. Mobile phones that connect to the internet are also subject to the risks and vulnerabilities associated with the internet and computers, as discussed in the other chapters of this book regarding information security, anonymity, information retrieval, loss, theft and interception. In order to reduce some of these security risks, users should be aware of their phone's potential for insecurity, as well as its set-up options. Once you know what the possible problems may be, you can put safeguards into place and take preventative measures. Borna: One advantage to the mobile phone is that they won't know where our meetings are if we organise them using our mobiles, while walking in the bazaar, instead of using the normal phones, where they may be overhearing us as we talk. 35 Delir: Well, did you say they have connections with the phone company? Borna: Someone was saying that they are bribing phone technicians to get information. Delir: If you signed up using your own identity and address for this mobile phone subscription, it is traceable to you, and any time you make a call, its record is linked to your phone subscription and identity. Did you sign up with your own ID? Borna: No, I just got a second-hand phone from your uncle's shop; he says he made sure it is clean and safe to use. He also helped me buy one of those prepaid little chips you put in your phone. Delir: Yes, it is called a SIM card [169] . The phone company tracks each call or transmission with the phone's number, and the SIM card identification number, AND the phone's identification number. So if they know which phone number, OR phone id number, OR SIM card number belongs to you, they may be able to use their contacts to see your phone-use patterns. Borna: And I suppose they can listen in to my conversations even on my mobile phone then? Delir: In your case, and thanks to Uncle, your phone isn't registered to you, and the SIM card is also not connected to you in any way. So even if they track where the SIM card and the phone are they don't necessarily know you are connected to the SIM card, or to the phone. 9.2.1 Best practices for phone security [170] 9.2.2 Basic functions, trackability and anonymity [171] 9.2.3 Text based communications – SMS / Text messages [172] 9.2.4 Functions beyond speech and messages [173] Best practices for phone security As is the case with other devices, the first line of defence for the safety of the information on your mobile phone is to physically protect the phone and its SIM card [169] from being taken or tampered with. Keep your phone with you at all times. Never leave it unattended. Avoid displaying your phone in public. Always use your phone's security lock codes or Personal Identification Numbers (PINs) and keep them secret (unknown to others). Always change these from the default factory settings. Physically mark (draw on) the SIM card, additional memory card, battery and phone with something unique and not immediately noticeable to a stranger (make a small mark, drawing, letters or numbers, or try using ultra-violet marker, which will be invisible in normal light). Place printed tamper-proof security labels or tape over the joints of the phone. This will help you easily to identify whether any of these items have been tampered with or replaced (e.g. the label or tape will be mis-aligned, or leave a noticeable residue). Make sure that you are aware of the information that is stored on your SIM card, on additional memory cards and in your phone's memory. Don't store sensitive information on the phone. If you need to store such information, consider putting it on external memory cards that can easily be discarded when necessary – don't put such details into the phone's internal memory. Protect your SIM card and additional memory card (if your phone has one), as they may contain sensitive information such as contact details and SMS messages. For example, make sure that you do not leave them at the repair shop when your phone is being serviced. When disposing of your phone make sure you are not giving away any information that is stored on it or on the SIM or memory card (even if the phone or cards are broken or expired). Disposing of SIM cards by physically destroying them may be the best option. If you plan to give away, sell or re-use your phone make sure that all information is deleted. Consider using only trusted phone dealers and repair shops. This reduces the vulnerability of your information when getting second-hand hand phones or having your phone repaired. Consider buying your phone from an authorised but randomly chosen phone dealer – this way you reduce the chance that your phone will be specially prepared for you with spying software preinstalled on it. Back up your phone information regularly to a computer. Store the backup safely and securely (see chapter: 4. How to protect the sensitive files on your computer [41] . This will allow you to restore the data if you lose your phone. Having a backup will also help you remember what information might be compromised (when your phone is lost or stolen), so you can take appropriate actions. The 15-digit serial or IMEI (International Mobile Equipment Identity) number helps to identify your phone and can be accessed by keying *#06# into most phones, by looking behind the battery of your phone or by checking in the phone's settings. Make a note of this number and keep it separate from your phone, as this number could help to trace and prove ownership quickly if it is stolen. Consider the advantages and disadvantages of registering your phone with the service provider. If you report your 36 phone stolen, the service provider should then be able to stop further use of your phone. However, registering it means your phone usage is tied to your identity. Basic functions, trackability and anonymity In order to send or receive any calls or communications to your phone, the signal towers nearest you are alerted by your phone of its presence. As a result of those alerts and communications the network service provider knows the precise geographic location of your mobile phone at any given time. Borna: Is there anything else about this phone that I need to know? Delir: I guess yes, but it depends if you really suspect they are trying to track you down. Borna: I don't think so, but can they do that? Delir: Well, yes, if you have your phone turned on, AND the technician has access to the network traffic, AND they know which phone on the system is your phone. Borna: That won't happen because I simply won't make a call on my phone when I go there. Delir: That doesn't matter father. As long as you have your phone with you, charged and ready to use, it will keep track of where you go, and talk to the towers of the network nearby, simply because it has to. So at any given time, your location is somewhere between the closest towers of the phone network. Borna: So I should turn it off until I get there? Delir: Well, of course the best thing to do is not to take it with you. The next best thing is for you to have it switched off AND take the battery out of it before you go, and not turn it on until you get back. Borna: What? isn't it enough to turn it off? Delir: Well, to be on the safe side, you should take the battery out, and here's why: this is a transmission device, and as long as the battery is connected, there is a small chance that somehow someone may turn it on without your knowledge. About Anonymity If you are conducting sensitive phone conversations or sending sensitive SMS messages, beware of the above tracking 'feature' of all mobile phones. Consider adopting the steps below: Make calls from different locations each time, and choose locations that are not associated with you. Keep your phone turned off, with the battery disconnected, go to the chosen location, switch your phone on, communicate, switch the phone off and disconnect the battery. Doing this habitually, each time you have to make a call, will mean that the network cannot track your movements. Change phones and SIM cards [169] often. Rotate them between friends or the second-hand market. Use unregistered pre-paid SIM cards if this is possible in your area. Avoid paying for a phone or SIM cards using a credit card, which will also create a connection between these items and you. Borna: You're telling me my phone might be talking to the towers about my whereabouts, even it looks as though it's switched off? Delir: Yeah, and that is not the worst case Borna: Oh? Delir: Well, they are saying that there are programs that can be installed on your phone to secretly, remotely turn it on, and have it call a number without your knowledge. Then, as you start your meeting, it would start acting like a recording and transmitting device. Borna: No! really?. Delir: Well, it is pretty easily done technologically. But none of that can happen if the battery is disconnected, so you will be safe in this unlikely case. Borna: I guess I will just not take it with me if I want to be super careful. But I wonder if I should use this thing at all then? Delir: Please, father. You used to tell me not to be afraid of new things. Mobiles are like that, you just have to know what the benefits and risks are. Just be careful. If you know the risks, you can take steps to avoid them. About eavesdropping Your phone can be set to record and transmit any sounds within the range of its microphone without your knowledge. 37 Some phones can be switched on remotely and brought into action in this way, even when they look as though they are switched off. Never let people whom you don't trust get physical access to your phone; this is a common way of installing spying software on your phone. If you are conducting private and important meetings, switch your phone off and disconnect the battery. Or don't carry the phone with you if you can leave it where it will be absolutely safe. Make sure that any person with whom you communicate also employs the safeguards described here. In addition, don't forget that using a phone in public, or in places that you don't trust, makes you vulnerable to traditional eavesdropping techniques, or to having your phone stolen. About interception of calls Typically, encryption of voice communications (and of text messages) that travel through the mobile phone network is relatively weak. There are inexpensive techniques which third parties can use to intercept your written communications, or to listen to your calls, if they are in proximity to the phone and can receive transmissions from it. And of course, mobile phone providers have access to all your voice and text communications. It is currently expensive and/or somewhat technically cumbersome to encrypt phone calls so that even the mobile phone provider can't eavesdrop – however, these tools are expected to become cheaper soon. To deploy the encryption you would first have to install an encryption application on your phone, as well as on the device of the person with whom you plan to communicate. Then you would use this application to send and receive encrypted calls and/or messages. Encryption software is currently only supported on a few models of so-called 'smart' phones. Conversations between Skype and mobile phones are not encrypted either, since at some point, the signal will move to the mobile network, where encryption is NOT in place. Text based communications – SMS / Text messages You should not rely on text message services to transmit sensitive information securely. The messages exchanged are in plain text which makes them inappropriate for confidential transactions. Borna: What if I never make calls on my mobile, and only send and receive these small messages. They can't listen in on something if no one is saying anything, and it is very quick, no? Delir: Wait a minute. These messages are also easy enough to intercept, and anyone with access to the traffic from the phone company, or even other people with the right equipment, can capture and read these messages which are moving around the network in plain text, being saved from one tower to the next. Borna: That's just silly. What should I do? Write in code like we did during the war? Delir: Well, sometimes the oldest shoes are the most comfortable ones. Sent SMS messages can be intercepted by the service operator or by third parties with inexpensive equipment. Those messages will carry the phone numbers of the sender and recipient as well as the content of the message. What's more, SMS messages can easily be altered or forged by third parties. Consider establishing a code system between you and your recipients. Codes may make your communication more secure and may provide an additional way of confirming the identity of the person you're communicating with. Code systems need to be secure and change frequently. SMS messages are available after transmission: In many countries, legislation (or other influences) requires the network providers to keep a long-term record of all text messages sent by their customers. In most cases SMS messages are kept by the providers for business, accounting or dispute purposes. Saved messages on your phone can easily be accessed by anybody who gets hold of your phone. Consider deleting all received and sent messages straightaway. Some phones have the facility to disable the logging of phone-call or text-message history. This would be especially useful for people doing more sensitive work. You should also make sure that you are familiar with what your phone is capable of. Read the manual! Functions beyond speech and messages Mobile phones are turning into mobile computing devices, complete with their own operating systems and downloadable applications that provide various services to the user. Chapter 11: How to use smartphones as securely as possible [174] covers issues related to these kinds of mobile 38 Chapter 11: How to use smartphones as securely as possible covers issues related to these kinds of mobile devices, as connectivity to internet brings about both potentials as well as risks we have covered in previous chapters. While some of the earlier mobile phone models have fewer or no internet functions, it is nevertheless important to observe the precautions outlined below on all phones. Also you should find out exactly what the capabilities of your phone are, in order to be certain that you have taken appropriate measures: Do not store confidential files and photos on your mobile phone. Move them, as soon as you can, to a safe location, as discussed in Chapter 4: How to Protect Files on Your Computer [41] . Frequently erase your phone call records, messages, address book entries, photos, etc. If you use your phone to browse the internet, follow safe practices similar to those you use when you are on the computer (e.g. always send information over encrypted connection like HTTPS [103] ). Connect your phone to a computer only if you are sure it is malware free. See Chapter 1: How to Protect Your Computer From Malware and Hackers [56] . Do not accept and install unknown and unverified programmes on your phone, including ring tones, wallpaper, java applications [175] or any others that originate from an unwanted and unexpected source. They may contain viruses, malicious software or spying programmes. Observe your phone's behaviour and functioning. Look out for unknown programmes and running processes, strange messages and unstable operation. If you don't know or use some of the features and applications on your phone, disable or uninstall them if you can. Be wary when connecting to WiFi access points that don't provide passwords, just as you would when using your computer and connecting to WiFi access points. The mobile phone is essentially like a computer and thus shares the vulnerabilities and insecurities that affect computers and the internet. Make sure communication channels like Infrared (IrDA) [176] , Bluetooth [177] and Wireless Internet (WiFi) on your phone are switched off and disabled if you are not using them. Switch them on only when they are required. Use them only in trusted situations and locations. Consider not using Bluetooth, as it is relatively easy to eavesdrop on this form of communication. Instead, transfer data using a cable connection from the phone to handsfree headphones or to a computer. Further Reading The Mobile Advocacy Toolkit [178] released by The Tactical Technology Collective. Among other things, this contains thorough descriptions and guides to the security of mobile phones [179] and also an extensive range of other tools and examples relating to their use. Security for Activists - A Practical Security Handbook for Activists and Campaigns [180] . A Guide to Mobile Phones – A short guide, for activists, to using mobile phones safely and securely [181] . A Guide to Mobile Security for Citizen Journalists [182] released by MobileActive.org A Brief Introduction to Secure SMS Messaging in MIDP - Nokia developer guide [183] Phones used as spying devices [184] 11. How to use smartphones as securely as possible In Chapter 10: How to use mobile phones as securely as possible [185] , we discussed the security challenges of using basic mobile phones – including issues with voice communication and text messaging (SMS/MMS) services. Those phones primarily (if not exclusively) use mobile networks to transfer calls and data. Advances in technology now mean that mobile phones can provide services and features similar to desktop or laptop computers. These smartphones offer many new ways to communicate and capture and disseminate media. To provide these new functionalities, the smartphones not only use the mobile network, but also connect to the internet either via a wifi connection (similar to a laptop at an internet cafe) or via data connections through the mobile network operator. So while you can, of course, make phone calls with a smartphone, it is better to view smartphones as small computing devices. This means that the other material in this toolkit is relevant to your use of your smartphone as well as your computer. Smartphones usually support a wide range of functionality – web browsing, email, voice and instant messaging over the internet, capturing, storing and transmitting audio, videos and photos, enabling social networking, multi-user games, banking and many other activities. However, many of these tools and features introduce new security issues, or increase existing risks. 39 For instance, some smartphones have built-in geo-location (GPS [186] ) functionality, which means they can provide your precise location to your mobile network operator by default, and to many applications you use on your phone (such as social networking, mapping, browsing and other applications). As mentioned before, mobile phones already relay your location information to your mobile network operator (as part of the normal functions of the phone). However, the additional GPS functionality not only increases the precision of your location information, it also increases the amount of places where this information might be distributed. It's worth reviewing all the risks associated with mobile phones discussed in Chapter 10: How to use mobile phones as securely as possible [185] as all of them are also relevant to smartphone use. Chapter 10 [185] covers issues of eavesdropping, interception of SMS or phone calls, SIM card related issues, and best practices. In this chapter we'll take a look at the additional security challenges posed by smartphones. Purses, Wallets, Smartphones We have an intuitive understanding of the value of keeping our purse or wallet safe, because so much sensitive information is stored in them, and losing them will compromise our privacy and safety. People are less aware of the amount of personal information being carried in their smartphones, and consider losing a phone a nuisance rather than a risk. If you also think that a smartphone is a computing device which is always connected to a network and is continually carried around, it also highlights the important difference between a holder of discrete, passive information (like a wallet), and an active and interactive item like a smartphone. A simple exercise can help illustrate this: Empty the content of your wallet or purse, and take account of sensitive items. Typically you may find: - Pictures of loved ones (~5 pictures) - Identification cards (driver's license, membership cards, social security cards) - Insurance and health information (~2 cards) - Money (~5 bills) - Credit/Debit cards (~3 cards) Now, examine the contents of your smartphone. A typical smartphone user may find some of the above in higher quantities, and in some cases much more valuable items: Pictures of loved ones (~100 pictures) Email applications and their passwords Emails (~500 emails) Videos (~50 videos) Social networking applications and their passwords Banking applications (with access to the bank accounts) Sensitive documents Sensitive communication records A live connection to your sensitive information The more you use smartphones, the more you need to become aware of the associated risks and take appropriate precautions. Smartphones are powerful amplifiers and distributors of your personal data. They are designed to provide as much connectivity as possible and to link to social networking services by default. This is because your personal data is valuable information that can be aggregated, searched and sold. In Chapter 5: How to recover from information loss [43] we discussed the importance of backing up data. This applies in particular to smartphones. It can be disastrous if you lose your phone without having a backup of your most important data (such as your contacts) in a secure location. Besides backing up your data, make sure you also know how to restore the data. Keep a hard copy of the steps you need to take so you can do it quickly in an emergency. In this chapter we'll start by introducing some smartphone basics – a description of various platforms and some basic setup procedures for securing your information and communication. The remaining parts of this chapter will cover specific precautions related to common uses of smartphones. Subsequent sections will cover security aspects of the following: Platforms, Setup and Installation Platforms and Operating Systems At the time of writing, the most common smartphones in use are Apple's iPhone and Google's Android, followed by Blackberry and Windows phones. The key difference between Android and other operating systems is that Android is, mostly, an Open Source (FOSS [187] ) system, which allows the operating system to be audited independently to verify if it properly protects users' information and communication. It also facilitates development of security applications for this platform. Many security-aware programmers develop Android applications with user safety and security in mind. Some of these will be highlighted later in this chapter. Regardless what type of smartphone you are using, there are issues that you should be aware of when you use a phone which connects to the internet and comes with features such as GPS [168] or wireless networking capacities. In this chapter we focus on devices with the Android platform, because, as mentioned above, it's easier to secure data and communications. Nonetheless, basic setup guides and some applications for devices other than Android phones are provided, too. 40 Blackberry phones have been presented as “secure” messaging and email devices. This is because messages and emails are securely channeled through Blackberry servers, out of the reach of potential eavesdroppers. Unfortunately, more and more governments are demanding access to these communications, citing need for guarding against potential terrorism and organised crime. India, United Arab Emirates, Saudi Arabia, Indonesia and Lebanon are examples of governments which have scrutinized the use of Blackberry devices and demanded access to user data in their countries. Feature Phones Another category of mobiles are often called 'feature phones' (e.g. Nokia 7705 Twist or Samsung Rogue). Recently, feature phones have increased their functionalities to include those of some smartphones. But generally, feature phones' operating systems are less accessible, therefore there are limited opportunities for security applications or improvements. We do not specifically address feature phones, although many measures discussed here make sense for feature phones too. Branded and locked smartphones Smartphones are usually sold branded or locked. Locking smartphones means that the device can only be operated with one carrier, whose SIM card is the only one that will work in the device. Mobile network operators usually brand a phone by installing their own firmware or software. They may also disable some functionalities or add others. Branding is a means for companies to increase revenue by channelling your smartphone use, often also collecting data about how you are using the phone or by enabling remote access to your smartphone. For these reasons, we recommend that you buy an unbranded smartphone if you can. A locked phone poses a higher risk since all your data is routed through one carrier, which centralises your data streams and makes it impossible to change SIM cards to disseminate the data over different carriers. If your phone is locked, ask someone you trust about unlocking it. General Setup Smartphones have many settings which control the security of the device. It is important to pay attention to how your smartphone is set up. In the Hands-on Guides below we will alert you to certain smartphone security settings that are available but not active by default, as well as those which are active by default and make your phone vulnerable. Hands-on: Get started with the Basic Android Set-up Guide [188] Installing and updating applications The usual way to install new software on your smartphone is to use the iPhone Appstore or Google Play store, log in with your user credentials, and download and install a desired application. By logging-in you associate your usage of the online store with the logged-in user account. The owners of the application store keep records of this user's browsing history and application choices. The applications which are offered in the official online store are, supposedly, verified by store owners (Google or Apple), but in reality this provides weak protection against what applications will do after being installed on your phone. For example, some applications may copy and send out your address book after you install them on your phone. On Android phones each application needs to request, during the installation process, what it will be permitted to do when it is in use. You should pay close attention to what permissions are requested, and if these permissions make sense for the function of the app you are installing. For example, if you are considering a "news reader" application and you find out that it requests the rights to send your contacts over a mobile data connection to a third party, you should look for alternative applications with appropriate access and rights. Android apps are also available from sources outside the official Google channels. You just need to check the Unknown sources box in your Security settings in order to use these download sites. Some users may want to consider these alternative sites to minimize online contact with Google. One of the alternative store is F-Droid [189] ('Free Droid'), which only provides FOSS [8] applications. However please remember that you should trust the site before you download any apps from it. For inexperienced users we recommend that you use Google Play store. If you don't want to (or are unable to) go online to access apps, you can transfer apps from someone else's phone by sending .apk [190] files (short for 'android application package') via bluetooth. Alternetively you could download the .apk file to your device's Micro SD card or use a usb cable to move it there from a PC. When you have received the file, simply long tap on the filename and you will be prompted to install it. (Note: be especially careful while using bluetooth - read further in the Chapter 10 [185] section on Functions beyond speech and messages [191] ). Communicating (Voice and Messages) via Smartphone Talking Securely Basic telephony In the section on Basic functions, trackability and anonymity [192] in Chapter 10: How to use mobile phones as securely as possible [185] we discussed different measures you should consider to lower the risk of interception when using the mobile phone operator network for your voice communication. 41 Using Internet through your smartphone over mobile data connections or WiFi can provide more secure ways to communicate with people, namely by using VoIP [193] and employing means to secure this channel of communication. Some smartphone tools can even extend some of this security beyond VoIP, to mobile phone calls as well (See Redphone below). Here we list a few tools and their pros and cons: Skype The most popular commercial VoIP application, Skype [194] , is available for all smartphone platforms and works well if your wireless connectivity is reliable. It is less reliable on mobile data connections. In the section Securing other internet communication tools [195] of Chapter 7: How to keep your Internet communication private [196] , we discussed the risks of using Skype, and why, if possible, it should be avoided. In summary, Skype is a non Open-Source software what makes it very difficult to independently confirm its level of security. Additionally, Skype is owned by Microsoft, which has a commercial interest in knowing when you use Skype and from where. Skype also may allow law enforcement agencies retrospective access to all your communications history. Other VoIP Using VoIP is generally free (or significantly cheaper than mobile phone calls) and leaves few data traces. In fact, a secured VoIP call can be the most secure way to communicate. CSipSimple [197] is a powerful VoIP client for Android phones that is well maintained and comes with many easy set-up wizards for different VoIP services. Open Secure Telephony Network (OSTN) [198] and the server provided by the Guardian project, ostel.me [199] , currently offers one of the most secure means to communicate via voice. Knowing and trusting the entity that operates the server for your VoIP communication needs is an important consideration. When using CSipSimple, you never directly communicate with your communication partner, instead all your data is routed through the Ostel server. This makes it much harder to trace your data and find out who you are talking to. Additionally, Ostel doesn't retain any of this data, except the account data that you need to log in. All your speech is securely encrypted and even your meta data, which is usually very hard to disguise, is blurred since traffic is proxied through the ostel.me server. If you download CSipSimple from ostel.me it also comes preconfigured for use with ostel.me, which makes it very easy to install and use. RedPhone [200] is a Free and Open-Source Software application that encrypts voice communication data sent between two devices that run this application. It is easy to install and very easy to use, since it integrates itself into your normal dialing and contact scheme. But people you want to talk to also need to install and use RedPhone. For ease of use RedPhone uses your mobile number as your identificator (like a user name on other VoIP services). However it also becomes easier to analyze the traffic it produces and trace it back to you, through your mobile number. RedPhone uses a central server, which is a point of centralization and thus puts RedPhone in a powerful position (of having control over some of this data). Hands-on Guides for CSipSimple, Ostel.me and Redphone are forthcoming. In the meantime, more information can be found by following the above links. Sending Messages Securely You should use precautions when sending SMS and using instant messaging or chatting on your smartphone. SMS As described in Chapter 10 [185] (in the section on Text based communications [201] ), SMS communication is insecure by default. Anyone with access to a mobile telecommunication network can intercept these messages easily and this is an everyday occurrence in many situations. Don't rely on sending unsecured SMS messages in critical situations. There is also no way of authenticating SMS messages, so it is impossible to know if the contents of a message was changed during delivery or if the sender of the message really is the person they claim to be. Securing SMS TextSecure [202] is a FOSS [8] tool for sending and receiving secure SMS on Android phones. It works both for encrypted and non-encrypted messages, so you can use it as your default SMS application. To exchange encrypted messages this tool has to be installed by both the sender and the recipient of a message, so you will need to get people you communicate with regularly to use it as well. TextSecure automatically detects when an encrypted message is received from another TextSecure user. It also allows you to send encrypted messages to more than one person. Messages are automatically signed making it nearly impossible to tamper with the contents of a message. In our TextSecure hands-on guide we explain in detail the features of this tool and how to use it. Hands-on: Get started with the TextSecure Guide [203] 42 Secure Chat Instant messaging and chatting on your phone can produce a lot of information that is at risk of interception. These conversations might be used against you by adversaries at a later date. You should therefore be extremely wary about what you reveal when you are writing on your phone while instant messaging and chatting. There are ways to chat and instant message securely. The best way is to use end-to-end encryption, as this will enable you to make sure the person on the other end is who you want. We recommend Gibberbot [204] as a secure text chat application for the Android phones. Gibberbot offers easy and strong encryption for your chats with Off-the-Record [93] Messaging protocol. This encryption provides both authenticity (you can verify that you are chatting with the right person) and the independent security of each session so that even if the encryption of one chat session is compromised, other past and future sessions will remain secure. Gibberbot has been designed to work together with Orbot, so your chat messages can be routed through the Tor [110] anonymizing network. This makes it very hard to trace it or even find out that it happened. Hands-on: Get started with the Gibberbot Guide [205] For iPhones, the ChatSecure [206] client provides the same features, although it is not easy to use it with the Tor [110] network. A Hands-on Guide for ChatSecure is forthcoming. In the meantime, more information can be found on its homepage [206] . Whichever application you will use always consider which account you use to chat from. For example when you use Google Talk, your credentials and time of your chatting session are known to Google. Also agree with your conversation partners on not saving chat histories, especially if they aren't encrypted. Storing Information on your Smartphone Smartphones come with large data storage capacities. Unfortunately, the data stored on your device can be easily accessible by third parties, either remotely or with physical access to the phone. Some basic precautions to reduce inappropriate access to this information are explained in the Basic Set-Up Guide for Android [188] . Additionally, you can take steps to encrypt any sensitive information on your phone by using specific tools. Data encryption tools The Android Privacy Guard (APG) [207] allows OpenGPG encryption for files and emails. It can be used to keep your files and documents safe on your phone, as well when emailing. Hands-on: Get started with the APG Guide [207] Cryptonite [208] is another FOSS [8] files encryption tool. Cryptonite has more advanced features on specially prepared rooted Android phones with a custom firmware. See the Advanced Smartphone Use [209] section for more. Hands-on: Get started with the Cryptonite Guide [210] Secure password keeping You can keep all your needed passwords in one secure, encrypted file by using Keepass. You will only need to remember one master password to access all the others. With Keepass you can use very strong passwords for each account you have, as Keepass will remember them for you, and it also comes with a password generator to create new passwords. You can synchronise Keepass password databases between your phone and your computer. We recommned that you synchronise only those passwords that you will actually use on your mobile phone. You can create a separate smaller password database on the computer and syncronise this one instead of coping an entire database with all the passwords that you use to your smartphone. Also, since all the passwords are protected by your master password, it is vital to use very strong password for your Keepass database. See Chapter 3: How to create and maintain secure passwords [37] . Hands-on: Get started with the KeePassDroid Guide [211] Sending Emails from Smartphones In this section we will briefly discuss the use of email on smartphones. We encourage you to refer to sections Securing your email [212] and Tips on responding to suspected email surveillance [101] in Chapter 7: How to keep your Internet communication private [196] where we discuss basic email security. In the first instance, consider if you really need to use your smartphone to access your email. Securing a computer and its content is generally simpler than doing so for a mobile device such as a smartphone. A smartphone is more susceptible to theft, monitoring and intrusion. 43 If it is absolutely vital that you access your email on your smartphone, there are actions you can take to minimize the risks. Do not rely on smartphone as your primary means for accessing your email. Downloading (and removing) emails from an email server and storing them only on your smartphone is not advised. You can set up your email application to use only copies of emails. If you use email encryption with some of your contacts, consider installing it on your smartphone, too. The additional benefit is that encrypted emails will remain secret if the phone falls into wrong hands. Storing your private encryption key on your mobile device may seem risky. But the benefit of being able to send and store emails securely encrypted on the mobile device might outweigh the risks. Consider creating a mobile-only encrytpion keypair (using APG [207] ) for your use on your smartphone, so you do not copy your encryption private key from your computer to the mobile device. Note that this requires that you ask people you communicate with to also encrypt emails using your mobile-only encryption key. Hands-on: Get started with the K9 and APG Guide [213] Capturing Media with Smartphones Capturing pictures, video or audio with your smartphone can be a powerful means to document and share important events. However, it is important to be careful and respectful of privacy and safety of those pictured, filmed or recorded. For example, if you take photos or record video or audio of an important event, it might be dangerous to you or to those who appear in the recordings, if your phone fell into the wrong hands. In this case, these suggestions may be helpful: Have a mechanism to securely upload recorded media files to protected online location and remove them from the phone instantly (or as soon as you can) after recording. Use tools to blur the faces of those appearing in the images or videos or distort the voices of audio or videos recordings and store only blurred and distorted copies of media files on your mobile device. Protect or remove meta information about time and place within the media files. Guardian Project [214] has created a FOSS [8] app called ObscuraCam [215] to detect faces on photos and blur them. You can choose the blurring mode and what to blur, of course. Obscuracam also deletes the original photos and if you have set up a server to upload the captured media, it provides easy functionality to upload it. Hands-on: Get started with the Obscuracam Guide [216] At the time of writing, the human rights organisation Witness [217] is working with the Guardian project on a solution to all three of the above points. Accessing the Internet Securely from Smartphones As discussed in Chapter 7: How to keep your Internet communication private [196] and Chapter 8: How to remain anonymous and bypass censorship on the Internet [111] , access to content on the Internet, or publishing material online such as photos or videos, leaves many traces of who and where you are and what you are doing. This may put you at risk. Using your smartphone to communicate with the Internet magnifies this risk. Access through WiFi or Mobile Data Smartphones allow you to control how you access the Internet: via a wireless connection provided by an access point (such as an internet cafe), or via a mobile data connection, such as GPRS, EDGE, or UMTS provided by your mobile network operator. Using a WiFi connection reduces the traces of data you may be leaving with your mobile phone service provider (by not having it connected with your mobile phone subscription). However, sometimes a mobile data connection is the only way to get online. Unfortunately mobile data connection protocols (like EDGE or UMTS) are not open standards. Independent developers and security engineers cannot examine these protocols to see how they are being implemented by mobile data carriers. In some countries mobile access providers operate under different legislation than internet service providers, which can result in more direct surveillance by governments and carriers. Regardless of which path you take for your digital communications with a smartphone, you can reduce your risks of data exposure through the use of anonymising and encryption tools. Anonymise To access content online anonymously, you can use an Android app called Orbot [218] . Orbot channels your internet communication through Tor's anonymity network. 44 Hands-on: Get started with the Orbot Guide [219] Another app, Orweb, is a web browser that has privacy enhancing features like using proxies and not keeping a local browsing history. Orbot and Orweb together circumvent web filters and firewalls, and offer anonymous browsing. Hands-on: Get started with the Orweb Guide [220] Proxies The mobile version of Firefox [13] – Firefox mobile [221] can be equipped with proxy add-ons, which direct your traffic to a proxy server. From there your traffic goes to the site you are requesting. This is helpful in cases of censorship, but still may reveal your requests unless the connection from your client to the proxy is encrypted. We recommend the Proxy Mobile [222] add-on (also from Guardian Project [223] , which makes proxying with Firefox easy. Is also the only way to channel Firefox mobile communications to Orbot and use the Tor [110] network. Advanced Smartphone Security Get full access to your smartphone Most smartphones are capable of more than their installed operating system, manufacturers' software (firmware), or the mobile operators' programmes allow. Conversely, some functionalities are 'locked in' so the user is not capable of controlling or altering these functions, and they remain out of reach. In most cases those functionalities are unnecessary for smartphone users. There are however, some applications and functionalities that can enhance the security of data and communications on a smartphone. Also there are some other existing functionalities that can be removed to avoid security risks. For this, and other reasons, some smartphone users choose to manipulate the various software and programs running the smartphone in order to gain appropriate privileges to allow them to install enhanced functionalities, or remove or reduce other ones. The process of overcoming the limits imposed by mobile carriers, or manufacturers of operating systems on a smartphone is called rooting (in case of Android devices), or jailbreaking (in case of iOS devices, like iPhone or iPad). Typically, successful rooting or jailbreaking will result in your having all the privileges needed to install and use additional applications, make modifications to otherwise locked-down configurations, and total control over data storage and memory of the smartphone. WARNING: Rooting or jailbreaking may not be a reversible process, and it requires experience with software installation and configuration. Consider the following: There is a risk of making your smartphone permanently inoperable, or 'bricking' it (i.e. turning it into a 'brick'). The manufacturer or mobile carrier warranty may be voided. In some places, this process maybe illegal. But if you are careful, a rooted device is a straightforward way to gain more control over your smartphone to make it much more secure. Alternative Firmware Firmware refers to programmes that are closely related to the particular device. They are in cooperation with the device's operating system and are responsible for basic operations of the hardware of your smartphone, such as the speaker, microphone, cameras, touchscreen, memory, keys, antennas, etc. If you have an Android device, you might consider installing a firmware alternative to further enhance your control of the phone. Note that in order to install alternative firmware, you need to root your phone. An example of an alternative firmware for an Android phone is Cyanogenmod [224] which, for example, allows you to uninstall applications from the system level of your phone (i.e. those installed by the phone's manufacturer or your mobile network operator). By doing so, you can reduce the number of ways in which your device can be monitored, such as data that is sent to your service provider without your knowledge. In addition, Cyanogenmod ships by default with an OpenVPN application, which can be tedious to install otherwise. VPN (Virtual Private Network) is one of the ways to securely proxy your internet communication (see below). Cyanogenmod also offers an Incognito browsing mode in which history of your communication is not recorded on your smartphone. Cyanogenmod comes with many other features. However, it is not supported by all Android devices, so before proceeding, check out the list of supported devices [225] . Encryption of whole volumes 45 If your phone is rooted you may consider encrypting it's entire data storage or creating a volume on the smartphone to protect some information on the phone. Luks Manager [226] allows easy, on-the-fly strong encryption of volumes with an user-friendly interface. We highly recommend that you install this tool before you start storing important data on your Android device and use the Encrypted Volumes that the Luks Manager provides to store all your data. Whisper Systems project is preparing application WhisperCore [227] that will allow full encryption of your Android device. Virtual Private Network (VPN) A VPN provides an encrypted tunnel through the internet between your device and a VPN server. This is called a tunnel, because unlike other encrypted traffic, like https, it hides all services, protocols, and contents. A VPN connection is set up once, and only terminates when you decide. Note that since all your traffic goes through the proxy or VPN server, an intermediary only needs to have access to the proxy to analyze your activities. Therefore it is important to carefully choose amongst proxy services and VPN services. It is also advisable to use different proxies and/or VPNs since distributing your data streams reduces the impact of a compromised service. We recommend using the RiseUp VPN [228] server. You can use RiseUp VPN on Android device after installing Cyanogenmod (see above). It is also easy to setup connection to RiseUp VPN on the iPhone - read more here [229] . Glossary Some of the technical terms that you will encounter, as you read through these chapters, are defined below: Android: A Linux-based open-source operating system for smartphones and tablet devices, developed by Google. APG: Android Privacy Guard: FOSS app for Android smartphones which facilitates OpenPGP encryption. It can be integrated with K9 Mail. .apk file: The file extension used for Android apps. App Store: The default repository from which iPhone applications can be found and downloaded. Avast - A freeware anti-virus tool Basic Input/Output System (BIOS) - The first and deepest level of software on a computer. The BIOS allows you to set many advanced preferences related to the computer's hardware, including a start-up password BlackBerry: A brand of smartphones which run the BlackBerry operating system developed by Research In Motion (RIM). Blacklist - A list of blocked websites and other Internet services that can not be accessed due to a restrictive filtering policy Bluetooth - A physical wireless communications standard for exchanging data over short distances from fixed and mobile devices. Bluetooth uses short wavelength radio transmissions. Booting - The act of starting up a computer CCleaner - A freeware tool that removes temporary files and potentially sensitive traces left on your hard drive by programs that you have used recently and by the Windows operating system itself CD Burner - A computer CD-ROM drive that can write data on blank CDs. DVD burners can do the same with blank DVDs. CD-RW *and *DVD-RW drives can delete and rewrite information more than once on the same CD-RW or DVD-RW disc. Circumvention - The act of bypassing Internet filters to access blocked websites and other Internet services Clam Win - A FOSS Anti-virus program for Windows Cobian Backup - A FOSS backup tool. The most recent version of Cobian is closed-source freeware, but prior versions are released as FOSS. Comodo Firewall - A freeware firewall tool Cookie - A small file, saved on your computer by your browser, that can be used to store information for, or identify you to, a particular website Cryptonite: A FOSS app for file encryption on Android smartphones. 46 Digital signature - A way of using encryption to prove that a particular file or message was truly sent by the person who claims to have sent it Domain name - The address, in words, of a website or Internet service; for example: security.ngoinabox.org EDGE, GPRS, UMTS: Enhanced Data Rates for GSM Evolution, General Packet Radio Service, and Universal Mobile Telecommunications System – technologies which allow mobile devices to connect to the internet. Encryption - A way of using clever mathematics to encrypt, or scramble, information so that it can only be decrypted and read by someone who has a particular piece of information, such as a password or an encryption key Enigmail - An add-on for the Thunderbird email program that allows it to send and receive encrypted and digitally signed email Eraser - A tool that securely and permanently deletes information from your computer or removable storage device F-Droid: An alternative repository from which many FOSS Android applications can be found and downloaded. Firefox - A popular FOSS Web browser that provides an alternative to Microsoft Internet Explorer Firewall - A tool that protects your computer from untrusted connections to or from local networks and the Internet Free and Open Source Software (FOSS) - This family of software is available free of charge and has no legal restrictions to prevent a user from testing, sharing or modifying it Freeware - Includes software that is free of charge but subject to legal or technical restrictions that prevent users from accessing the source code used to create it Gibberbot: A FOSS app for Android which facilitates secure chats over XMPP protocol (used also by Google Talk). It is compatible with Off-the-Record and, when used in conjunction with Orbot, can route chats through the Tor network. Google Play: The default repository from which Android applications can be found and downloaded. GNU/Linux - A FOSS operating system that provides an alternative to Microsoft Windows Global Positioning System (GPS) - A space-based global navigation satellite system that provides location and time information in all weather, anywhere on or near the Earth, where there is an (almost) unobstructed sky view. Guardian Project: An organisation which creates smartphone apps, mobile devices operating system enhancements and customisations with privacy and security in mind. Hacker - In this context, a malicious computer criminal who may be trying to access your sensitive information or take control of your computer remotely iPhone: A brand of smartphones designed by Apple which run the Apple's iOS operating system. Internet Protocol address (IP address) - A unique identifier assigned to your computer when it is connected to the Internet Internet Service Provider (ISP) - The company or organisation that provides your initial link to the Internet. The governments of many countries exert control over the Internet, using means such as filtering and surveillance, through the ISPs that operate in those countries. Infrared Data Association (IrDA) - A physical wireless communications standard for the short-range exchange of data using infrared spectrum light. IrDA is replaced by Bluetooth in modern devices. Java Applications (Applets) - Small programs that can run under many operating systems, are cross-platform. They are frequently used to provide improved functionalities within web pages. Jailbreaking: The process of unlocking features on an iPhone which are otherwise blocked by the manufacturer or mobile carrier in order to gain full access to the operating system. K9 Mail: A FOSS e-mail client for Android smartphones, which enables OpenPGP encryption when used with the APG app. Keylogger - A type of spyware that records which keys you have typed on your computer's keyboard and sends this information to a third party. Keyloggers are frequently used to steal email and other passwords. KeePass - A freeware secure password database LiveCD - A CD that allows your computer to run a different operating system temporarily. Malware - A general term for all malicious software, including viruses, spyware, trojans, and other such threats 47 Mnemonic device - A simple trick that can help you remember complex passwords NoScript - A security add-on for the Firefox browser that protects you from malicious programs that might be present in unfamiliar webpages Obscuracam: A FOSS app for Android smartphones, which protects identity of people by facilitating editions such as face-blurring to photographs. Orbot: A FOSS app for Android smartphones which enables apps such as Orweb and Gibberbot to connect to the Tor network. Orweb: A FOSS web browser for Android smartphones which, when used in conjunction with Orbot, facilitates browsing over the Tor network. Off the Record (OTR) - An encryption plugin for the Pidgin instant messaging program Peacefire - Subscribers to this free service receive periodical emails containing an updated list of circumvention proxies, which can be used to bypass Internet censorship Physical threat - In this context, any threat to your sensitive information that results from other people having direct physical access your computer hardware or from other physical risks, such as breakage, accidents or natural disasters Pidgin - A FOSS instant messaging tool that supports an encryption plugin called Off the Record (OTR) Proxy - An intermediary service through which you can channel some or all of your Internet communication and that can be used to bypass Internet censorship. A proxy may be public, or you may need to log in with a username and password to access it. Only some proxies are secure, which means that they use encryption to protect the privacy of the information that passes between your computer and the Internet services to which you connect through the proxy. Proprietary software - The opposite of Free and Open-Source Software (FOSS). These applications are usually commercial, but can also be freeware with restrictive license requirements. RiseUp - A email service run by and for activists that can be accessed securely either through webmail or using an email client such as Mozilla Thunderbird Rooting: The process of unlocking features on an Android Phone which are otherwise blocked by the manufacturer or mobile carrier in order to gain full access to the operating system. Router - A piece of networking equipment through which computers connect to their local networks and through which various local networks access the Internet. Switches, gateways and hubs perform similar tasks, as do wireless access points for computers that are properly equipped to use them Secure password database - A tool that can encrypt and store your passwords using a single master password Secure Sockets Layer (SSL) - The technology that permits you to maintain a secure, encrypted connection between your computer and some of the websites and Internet services that you visit. When you are connected to a website through SSL, the address of the website will begin with HTTPS rather than HTTP. Security certificate - A way for secure websites and other Internet services to prove, using encryption, that they are who they claim to be. In order for your browser to accept a security certificate as valid, however, the service must pay for a digital signature from a trusted organization. Because this costs money that some service operators are unwilling or unable to spend, however, you will occasionally see a security certificate error even when visiting a valid service. Security policy - A written document that describes how your organization can best protect itself from various threats, including a list of steps to be taken should certain security-related events take place Security cable - A locking cable that can be used to secure a laptop or other piece of hardware, including external hard drives and some desktop computers, to a wall or a desk in order to prevent it from being physically removed Server - A computer that remains on and connected to the Internet in order to provide some service, such as hosting a webpage or sending and receiving email, to other computers SIM card - A small, removable card that can be inserted into a mobile phone in order to provide service with a particular mobile phone company. SIM cards can also store phone numbers and text messages. Skype - A freeware Voice over IP (VoIP) tool that allows you to speak with other Skype users for free and to call telephones for a fee. The company that maintains Skype claims that conversations with other Skype users are encrypted. Because it is a closed-source tool, there is no way to verify this claim, but many people believe it to be true. Skype also supports instant messaging. Source code - The underlying code, written by computer programmers, that allows software to be created. The source code for a given tool will reveal how it works and whether it may be insecure or malicious. 48 Spybot - A freeware anti-malware tool that scans for, removes and helps protect your computer from spyware Steganography - Any method of disguising sensitive information so that it appears to be something else, in order to avoid drawing unwanted attention to it Swap file - A file on your computer to which information, some of which may be sensitive, is occasionally saved in order to improve performance Textsecure: A FOSS app for Android which facilitates encrypted sending and storage of text messages. Thunderbird - A FOSS email program with a number of security features, including support for the Enigmail encryption add-on Tor - An anonymity tool that allows you to bypass Internet censorship and hide the websites and Internet services you vist from anyone who may be monitoring your Internet connection, while also disguising your own location from those websites TrueCrypt - A FOSS file encryption tool that allows you to store sensitive information securely Undelete Plus - A freeware tool that can sometimes restore information that you may have deleted accidentally Uninterruptable Power Supply (UPS) - A piece of equipment that allows your critical computing hardware to continue operating, or to shut down gracefully, in the event of a brief loss of power VautletSuite 2 Go - A Freeware encrypted email program Voice over IP (VoIP) - The technology that allows you to use the Internet for voice communication with other VoIP users and telephones Whitelist - A list of websites or Internet services to which some form of access is permitted, when other sites are automatically blocked Windows Phone: A smartphone operating system developed by Microsoft. Wiping - The process of deleting information securely and permanently Your-Freedom - A freeware circumvention tool that allows you to bypass filtering by connecting to the Internet through a private proxy. If Your-Freedom is configured properly, your connection to these proxies will be encrypted in order to protect the privacy of your communication. Source URL (retrieved on 26/03/2013 - 11:28): https://securityinabox.org/en/howtobooklet Links: [1] https://securityinabox.org/en/glossary#Hacker [2] https://securityinabox.org/en/glossary#Malware [3] https://securityinabox.org/en/glossary#Avast [4] https://securityinabox.org/en/glossary#Spybot [5] https://securityinabox.org/en/glossary#Comodo_Firewall [6] https://securityinabox.org/en/glossary#GNU_Linux [7] https://securityinabox.org/en/glossary#Freeware [8] https://securityinabox.org/en/glossary#FOSS [9] https://securityinabox.org/en/avast_main [10] https://securityinabox.org/en/glossary#Clam_Win [11] https://securityinabox.org/en/howtouseavast#Section_3.2.1 [12] https://securityinabox.org/en/spybot_main [13] https://securityinabox.org/en/glossary#Firefox [14] https://securityinabox.org/en/glossary#NoScript [15] https://securityinabox.org/en/firefox_noscript [16] https://securityinabox.org/en/firefox_main [17] https://securityinabox.org/en/comodofirewall_main [18] https://securityinabox.org/en/chapter_1_5 [19] https://securityinabox.org/en/glossary#Router [20] https://securityinabox.org/en/glossary#Proprietary_software [21] https://securityinabox.org/en/glossary#Source_code [22] https://www.libreoffice.org/ [23] https://securityinabox.org/en/glossary#LiveCD [24] http://www.ubuntu.com/ [25] http://www.frontlinedefenders.org/esecman [26] http://www.virusbtn.com [27] http://www.marksanborn.net/howto/turn-off-unnecessary-windows-services [28] http://tacticaltech.org [29] http://www.askvg.com/download-free-bootable-rescue-cds-from-kaspersky-bitdefender-avira-f-secure-and-others/ [30] http://www.selectrealsecurity.com/malware-removal-guide [31] https://securityinabox.org/en/glossary#Security_policy [32] https://securityinabox.org/en/glossary#Physical_threats [33] https://securityinabox.org/en/glossary#Physical_threat [34] https://securityinabox.org/en/glossary#Skype [35] https://securityinabox.org/en/glossary#Server [36] https://securityinabox.org/en/glossary#Security_cable [37] https://securityinabox.org/en/chapter-3 49 [38] https://securityinabox.org/en/glossary#BIOS [39] https://securityinabox.org/en/glossary#Booting [40] https://securityinabox.org/en/glossary#Encryption [41] https://securityinabox.org/en/chapter-4 [42] https://securityinabox.org/en/glossary#UPS [43] https://securityinabox.org/en/chapter-5 [44] https://securityinabox.org/en/chapter_2_5 [45] http://www.frontlinedefenders.org/manuals/protection [46] http://www.frontlinedefenders.org/security-training [47] https://securityinabox.org/en/glossary#Secure_password_database [48] https://securityinabox.org/en/glossary#KeePass [49] https://securityinabox.org/en/chapter_3_2 [50] https://securityinabox.org/en/glossary#Mnemonic_device [51] https://passfault.appspot.com/password_strength.html [52] https://securityinabox.org/en/keepass_main [53] http://en.wikipedia.org/wiki/Password [54] http://en.wikipedia.org/wiki/Password_strength [55] http://en.wikipedia.org/wiki/Password_cracking [56] https://securityinabox.org/en/chapter-1 [57] https://securityinabox.org/en/chapter-2 [58] https://securityinabox.org/en/glossary#TrueCrypt [59] https://securityinabox.org/en/truecrypt_main [60] https://securityinabox.org/en/chapter_4_2 [61] https://securityinabox.org/en/chapter-6 [62] https://securityinabox.org/en/glossary#Steganography [63] https://securityinabox.org/en/chapter_4_3 [64] http://www.truecrypt.org/docs/ [65] http://www.truecrypt.org/faq.php [66] https://securityinabox.org/en/glossary#Cobian_Backup [67] https://securityinabox.org/en/glossary#Recuva [68] https://securityinabox.org/en/glossary#Firewall [69] https://securityinabox.org/en/glossary#Thunderbird [70] https://securityinabox.org/en/thunderbird_main [71] https://securityinabox.org/en/glossary#CD_burner [72] https://securityinabox.org/en/chapter_5_5 [73] https://securityinabox.org/en/cobian_main [74] https://securityinabox.org/en/recuva_main [75] https://www.wuala.com/ [76] https://spideroak.com/ [77] https://drive.google.com/start [78] https://tahoe-lafs.org/trac/tahoe-lafs [79] http://en.wikipedia.org/wiki/Data_recovery [80] https://securityinabox.org/en/glossary#Eraser [81] https://securityinabox.org/en/glossary#Wiping [82] https://securityinabox.org/en/glossary#CCleaner [83] https://securityinabox.org/en/glossary#Swap_file [84] https://securityinabox.org/en/eraser_main [85] https://securityinabox.org/en/glossary#Cookie [86] https://securityinabox.org/en/ccleaner_main [87] http://www.piriform.com/ccleaner/faq [88] http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ [89] http://en.wikipedia.org/wiki/Gutmann_method [90] https://jitsi.org/ [91] https://securityinabox.org/en/glossary#VoIP [92] https://securityinabox.org/en/glossary#RiseUp [93] https://securityinabox.org/en/glossary#OTR [94] https://securityinabox.org/en/glossary#Pidgin [95] https://securityinabox.org/en/glossary#Enigmail [96] https://securityinabox.org/en/glossary#Keylogger [97] https://securityinabox.org/en/chapter_7_1#Keeping_your_webmail_private [98] https://securityinabox.org/en/chapter_7_1#Switching_to_a_more_secure_email_account [99] https://securityinabox.org/en/chapter_7_4 [100] https://securityinabox.org/en/chapter_7_4#Encrypting_and_authenticating_individual_email_messages [101] https://securityinabox.org/en/chapter_7_2 [102] https://securityinabox.org/en/glossary#ISP [103] https://securityinabox.org/en/glossary#SSL [104] https://securityinabox.org/en/discussion#Encryption [105] https://securityinabox.org/en/glossary#Security_certificate [106] https://securityinabox.org/en/glossary#IP_address [107] https://securityinabox.org/en/chapter_7_5 [108] https://mail.riseup.net [109] https://securityinabox.org/en/riseup_main [110] https://securityinabox.org/en/glossary#Tor [111] https://securityinabox.org/en/chapter-8 [112] https://securityinabox.org/en/glossary#Circumvention [113] https://securityinabox.org/en/pidgin_main [114] http://www.skype.com [115] http://jitsi.org/ [116] http://www.google.com/talk [117] http://voice.yahoo.com/ [118] http://explore.live.com/windows-live-messenger [119] https://securityinabox.org/en/chapter_1_4 [120] https://securityinabox.org/en/gpg4usb_portable [121] https://securityinabox.org/en/glossary#VaultletSuite [122] https://securityinabox.org/en/vaultletsuite_main [123] https://securityinabox.org/en/glossary#Digital_signature [124] https://securityinabox.org/en/thuderbird_encryption 50 [125] [126] [127] [128] [129] [130] [131] [132] [133] [134] [135] [136] [137] [138] [139] [140] [141] [142] [143] [144] [145] [146] [147] [148] [149] [150] [151] [152] [153] [154] [155] [156] [157] [158] [159] [160] [161] [162] [163] [164] [165] [166] [167] [168] [169] [170] [171] [172] [173] [174] [175] [176] [177] [178] [179] [180] [181] [182] [183] [184] [185] [186] [187] [188] [189] [190] [191] [192] [193] [194] [195] [196] [197] [198] [199] [200] [201] [202] [203] [204] [205] [206] [207] [208] [209] [210] [211] https://help.riseup.net/en/email-clients https://mail.google.com/support/bin/topic.py?topic=12769 http://email.about.com/od/mozillathunderbirdtips/qt/et_gmail_addr.htm https://secure.wikimedia.org/wikipedia/en/wiki/Man-in-the-middle_attack https://www.google.com/intl/en/privacy/privacy-policy.html http://news.cnet.com/8301-13578_3-9962106-38.html https://securityinabox.org/en/glossary#Domain_name https://securityinabox.org/en/glossary#Proxy http://opennet.net/ http://www.rsf.org/ https://securityinabox.org/en/glossary#Blacklist https://securityinabox.org/en/glossary#Domain_names https://securityinabox.org/en/glossary#IP_addresses https://securityinabox.org/en/tor_main https://securityinabox.org/en/glossary%23Proxy https://securityinabox.org/en/glossary#HTTPS https://securityinabox.org/en/glossary#Psiphon https://securityinabox.org/en/glossary#Peacefire https://securityinabox.org/en/glossary#Encrypted https://securityinabox.org/en/chapter_8_5 https://help.riseup.net/en/riseup-vpn https://we.riseup.net/riseuphelp+en/vpn-howto http://www.hotspotshield.com/ http://www.your-freedom.net/index.php?id=3 http://www.your-freedom.net/index.php?id=170&L=0 http://your-freedom.net https://www.your-freedom.net/index.php?id=172 https://www.your-freedom.net/index.php?id=doc http://www.dit-inc.us/freegate http://www.addictivetips.com/windows-tips/freegate-lets-you-access-blocked-websites-at-optimal-speed/ http://www.securitykiss.com/resources/download/ http://www.securitykiss.com http://psiphon.ca/?page_id=204 http://www.psiphon.ca/ http://psiphon.ca/?page_id=196 http://peacefire.org/ https://www.howtobypassinternetcensorship.org/ http://en.cship.org/wiki/Main_Page http://citizenlab.org/guides/everyones-guide-english.pdf http://www.rsf.org/IMG/pdf/Bloggers_Handbook2.pdf http://advocacy.globalvoicesonline.org/tools/guide/ https://www.eff.org/wp/locational-privacy https://securityinabox.org/en/social_networking_tools https://securityinabox.org/en/glossary#GPS https://securityinabox.org/en/glossary#SIM_card https://securityinabox.org/en/node/1777 https://securityinabox.org/en/node/1778 https://securityinabox.org/en/node/1779 https://securityinabox.org/en/node/1780 https://securityinabox.org/en/chapter-11 https://securityinabox.org/en/glossary#Java https://securityinabox.org/en/glossary#IrDA https://securityinabox.org/en/glossary#Bluetooth http://mobiles.tacticaltech.org http://mobiles.tacticaltech.org/security http://www.activistsecurity.org/ http://www.freebeagles.org/articles/mobile_phones.html http://mobileactive.org/mobilesecurity-citizenjournalism http://sw.nokia.com/id/5274b81c-12d0-43bb-8d89-26f6a1ae111f/A_Brief_Introduction_to_Secure_SMS_Messaging_in_MIDP_en.pdf http://www.mysecured.com/?p=127 https://securityinabox.org/en/chapter-10 https://securityinabox.org/en/Glossary#GPS https://securityinabox.org/en/Glossary#FOSS https://securityinabox.org/en/android_basic http://f-droid.org https://securityinabox.org/en/glossary#apk https://securityinabox.org/en/chapter_10_2_4 https://securityinabox.org/en/chapter_10_2_2 https://securityinabox.org/en/Glossary#VoIP https://securityinabox.org/en/glossary#skype https://securityinabox.org/en/chapter_7_3 https://securityinabox.org/en/chapter-7 http://f-droid.org/repository/browse/?fdid=com.csipsimple&fdpage=4 https://guardianproject.info/wiki/OSTN https://ostel.me https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone https://securityinabox.org/en/chapter_10_2_3 https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms https://securityinabox.org/en/textsecure_main https://guardianproject.info/apps/gibber/ https://securityinabox.org/en/gibberbot_main https://chatsecure.org https://securityinabox.org/en/APG_main https://code.google.com/p/cryptonite/ https://securityinabox.org/en/chapter_11_7 https://securityinabox.org/en/Cryptonite_main https://securityinabox.org/en/KeepassDroid_main 51 [212] [213] [214] [215] [216] [217] [218] [219] [220] [221] [222] [223] [224] [225] [226] [227] [228] [229] https://securityinabox.org/en/chapter_7_1 https://securityinabox.org/en/K9_APG_main https://guardianproject.info https://guardianproject.info/apps/obscuracam/ https://securityinabox.org/en/Obscuracam_main https://securityinabox.org/en/www.witness.org https://www.torproject.org/docs/android.html.en https://securityinabox.org/en/Orbot_main https://securityinabox.org/en/Orweb_main http://f-droid.org/repository/browse/?fdid=org.mozilla.firefox https://guardianproject.info/apps/proxymob-firefox-add-on/ https://guardianproject.info/ http://www.cyanogenmod.com http://www.cyanogenmod.com/devices https://play.google.com/store/apps/details?id=com.nemesis2.luksmanager&hl=en http://www.whispersys.com/whispercore.html https://help.riseup.net/en/vpn https://support.apple.com/kb/HT1424 52
© Copyright 2024